Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

laptop screen & startup menu freezing, possible malware [Solved]


  • This topic is locked This topic is locked

#1
mango_nj

mango_nj

    Member

  • Member
  • PipPipPip
  • 206 posts

Laptop screen freezing at the desktop and while surfing. Startup menu freezing as well. Have to depress power button to shut down. Been going on a week and gotten progressively worse and can't stay up past my icons loading.  Ran FRST in safe mode...otherwise it froze. Also ran Malwarebytes [safe mode]. It picked up 2 infected hijack objects and deleted them. Ran Kaspersky AV [safe mode]....performed 1 full scan and 1 critical area scan...found nothing.  In addition---did a disk cleanup, system scan and defrag. Afterwards laptop ran fine for awhile, no freezing. When I shut down for the evening and restarted, it began freezing all over again. Maybe infected with malware that my programs are not detecting. Very frustrating. Pls be patient with my replies, difficult to say connected. Any programs you need me to run, I have to do in safe mode. Appreciate the help.




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Owner (administrator) on OWNER-PC on 12-07-2015 00:51:12
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [lxdfmon.exe] => "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
HKLM\...\Run: [lxdfamon] => "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [LMADImon] => C:\Program Files\Lexmark Pro710 Series\LMADImon.exe [952496 2012-09-07] ()
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [58928 2006-11-29] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [239288 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [Corel Photo Downloader] => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2010-10-05] (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-07-10]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-20] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll [2014-05-13] (Simon Bünzli)
FF Extension: ImageBlock - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2015-07-09]
FF Extension: YouTube mp3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2014-11-03]
FF Extension: YesScript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2014-09-06]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-07-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013-11-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013-11-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [44224 2006-10-06] (BVRP Software) [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488536 2010-10-01] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2006-11-02] (Realtek)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-11-07] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 00:51 - 2015-07-12 00:52 - 00011118 _____ C:\Users\Owner\Desktop\FRST.txt
2015-07-12 00:31 - 2015-07-12 00:51 - 00000000 ____D C:\FRST
2015-07-12 00:23 - 2015-07-12 00:24 - 01634816 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-07-11 21:41 - 2015-07-11 21:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Aimersoft
2015-07-08 20:55 - 2015-07-08 20:55 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1DF94514.sys
2015-07-08 05:37 - 2015-07-11 23:07 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 05:36 - 2015-07-08 19:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-08 05:36 - 2015-07-08 05:36 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-08 05:36 - 2015-07-08 05:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 05:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-08 05:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-08 05:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-08 05:06 - 2015-07-08 05:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-04 00:23 - 2015-07-04 08:10 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 00:38 - 2013-06-18 23:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 00:30 - 2013-12-19 14:28 - 00000000 ____D C:\Users\Owner\Desktop\Important
2015-07-11 23:50 - 2006-11-02 05:49 - 01676153 _____ C:\Windows\WindowsUpdate.log
2015-07-11 23:40 - 2006-11-02 05:45 - 00004048 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 23:40 - 2006-11-02 05:45 - 00004048 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 21:47 - 2013-11-12 17:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-11 21:41 - 2007-10-08 13:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-07-11 21:40 - 2007-10-08 20:15 - 01636096 _____ C:\Windows\PFRO.log
2015-07-11 21:40 - 2006-11-02 05:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 20:02 - 2008-04-05 20:47 - 00000000 ____D C:\ProgramData\TEMP
2015-07-11 19:28 - 2008-12-23 21:52 - 00000000 ____D C:\Windows\Minidump
2015-07-11 16:25 - 2006-11-02 05:58 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-10 04:01 - 2014-06-26 05:43 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-07-10 03:23 - 2014-12-20 23:39 - 00002377 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-10 02:25 - 2014-12-20 18:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-07-09 07:39 - 2012-04-05 19:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-09 07:39 - 2012-04-05 19:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-08 04:50 - 2010-01-26 14:22 - 00001356 _____ C:\Users\Owner\AppData\Local\d3d9caps.dat
2015-07-05 19:23 - 2011-12-01 22:30 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-07-03 22:18 - 2014-12-20 18:40 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 22:17 - 2014-12-20 23:39 - 00000000 ___RD C:\Program Files\Skype
2015-06-29 16:37 - 2013-03-10 04:59 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2013-11-07 10:26 - 2013-11-07 14:10 - 0000100 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2013-11-07 10:26 - 2013-11-07 14:10 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2013-11-07 10:26 - 2013-11-07 14:10 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2013-11-07 10:20 - 2013-11-07 14:01 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2007-10-11 02:04 - 2009-08-08 08:31 - 0000682 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2010-01-26 14:22 - 2015-07-08 04:50 - 0001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2007-10-14 19:26 - 2013-01-17 08:25 - 0005632 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-22 20:58 - 2010-12-12 22:22 - 0000114 ____H () C:\Users\Owner\AppData\Local\tokdet56.dat
2011-08-20 22:57 - 2011-08-20 22:57 - 0017408 _____ () C:\Users\Owner\AppData\Local\WebpageIcons.db
2013-01-19 02:52 - 2013-01-19 02:52 - 0000022 ____N () C:\Users\Owner\AppData\Local\xftredahs.dat
2013-04-20 00:27 - 2015-04-29 21:35 - 0004290 _____ () C:\ProgramData\LMADIscan.log
2008-12-13 14:59 - 2009-09-30 01:28 - 0000560 _____ () C:\ProgramData\lxdf
2010-07-09 12:36 - 2010-07-09 12:36 - 0008064 _____ () C:\ProgramData\SPL6FBC.tmp
2013-04-19 23:53 - 2013-04-19 23:53 - 0000596 _____ () C:\ProgramData\tmpFA04.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 00:51

==================== End of log ============================



_________________________________________________________________________________________________






Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Owner at 2015-07-12 00:53:19
Running from C:\Users\Owner\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2753939306-2592966707-3986022943-500 - Administrator - Disabled)
Guest (S-1-5-21-2753939306-2592966707-3986022943-501 - Limited - Disabled) => C:\Users\Guest
Owner (S-1-5-21-2753939306-2592966707-3986022943-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.1.0 - Auslogics Labs Pty Ltd)
Daum PotPlayer 1.6.47995 (HKLM\...\PotPlayer) (Version:  - )
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
File Association Helper (HKLM\...\{936B9029-265A-45CB-88DA-B00EAB4DD14C}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Kaspersky Anti-Virus 2011 (HKLM\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (Version: 11.0.2.556 - Kaspersky Lab) Hidden
Lexmark Pro710 Series Uninstaller (HKLM\...\Lexmark Pro710 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2407.0 - CyberLink Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{02835AE8-A267-4B1F-A05C-36D2DEA350DC}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\PSP.EXE (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{44CD0A52-D0B4-4D03-A572-A9BDAD6E2D33}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA6-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA7-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA9-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAA-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAD-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAF-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAB0-D393-11D0-9A56-00C04FB68B66}\InprocServer32 -> C:\Windows\system32\hhctrl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8FA0D5A8-DEDF-11D0-9A61-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{BBAC09B1-05A9-4E4F-93BA-1E409D52A268}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D0A03AD0-F49C-4E01-9C1D-CA3B7B73B08E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D3C25535-8D07-4A8E-B24F-B917CCD78A0F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F76812F0-44A9-C582-41AC-C3484F5D58AA}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FF4FF418-2C5B-455E-B4E6-B530FABF04AF}\InprocServer32 -> No Filepath

==================== Restore Points =========================

09-07-2015 07:18:20 Scheduled Checkpoint
10-07-2015 11:46:45 Scheduled Checkpoint
11-07-2015 15:14:22 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2013-09-03 17:19 - 00000759 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3CCE3500-3535-4D3C-8D17-622428EF09A6} - System32\Tasks\{05734DEB-4D1E-4AA1-B07D-56C1132012F9} => Firefox.exe http://ui.skype.com/...;page=tsInstall
Task: {56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} - System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => pcalua.exe -a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S
Task: {5CB197ED-456C-4E00-A110-6E52063BCB13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {E207AF04-F765-4C45-8114-465EDF713F42} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {ED301A62-27FF-4617-8C13-B026C47AD28E} - System32\Tasks\{A3FFDBAF-6F3A-4B4B-BFA8-141C3CF2BB87} => pcalua.exe -a C:\Users\Owner\Desktop\cdex_151.exe -d C:\Users\Owner\Desktop
Task: {ED83284D-EAAF-44B9-83EA-A3A292494E9D} - System32\Tasks\{DD73897A-DD92-4BDC-8F7F-8ED3679D10E8} => Firefox.exe http://ui.skype.com/...?LastError=1601

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 12685 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: DW6 => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{6A7803E5-4B62-494A-932A-5C4273DAF7AC}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{577D8142-2C28-4698-B875-DBB5AD4300C5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1CF315ED-8986-49CE-9893-96579A5B6F4D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{509DD2D9-6892-4EEE-9B6F-885B867AACAA}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [TCP Query User{F9DB4E3E-AA91-45A3-8795-5FD2767886DA}C:\kav\kav7\setup.exe] => (Allow) C:\kav\kav7\setup.exe
FirewallRules: [UDP Query User{E8EC4CE2-8951-48FB-B05A-7802C676C73C}C:\kav\kav7\setup.exe] => (Allow) C:\kav\kav7\setup.exe
FirewallRules: [{CE397E70-5250-4EB9-838A-0516FC90DA93}] => (Allow) C:\Windows\System32\lxdfcoms.exe
FirewallRules: [{A2608910-52B6-4DB3-AEBF-BC20C68B97CE}] => (Allow) C:\Windows\System32\lxdfcoms.exe
FirewallRules: [{C24CD31C-B8EA-439B-86F6-E5592D0AE2DB}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
FirewallRules: [{39DD502B-A790-44B4-977B-347CDD81477F}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
FirewallRules: [{A5C0E5DF-6FF0-48A4-9E74-0FB4F620F8D6}] => (Allow) C:\Program Files\Lexmark 6500 Series\frun.exe
FirewallRules: [{A0FA1305-C834-4570-815A-7C929B8E3837}] => (Allow) C:\Program Files\Lexmark 6500 Series\frun.exe
FirewallRules: [{BE295BAC-23B6-4EC8-BF6F-37356E97FE98}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A2FA9C88-B3FF-4874-A1C6-94EE083F5348}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A4DBE28E-0F3F-4677-9B5F-5AB29AC1F59C}] => (Allow) C:\Program Files\Lexmark 6500 Series\LXDFFax.exe
FirewallRules: [{67368528-39B4-4A91-B5C9-FD01940B0BC2}] => (Allow) C:\Program Files\Lexmark 6500 Series\LXDFFax.exe
FirewallRules: [{C24CBE1E-8C44-42EC-BF24-886868853584}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
FirewallRules: [{7AB1FAE7-8B87-437C-B0A9-5A8374EBF777}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
FirewallRules: [{1DA6627D-ECF2-4734-9165-4AA2DC62D8F4}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfpswx.exe
FirewallRules: [{2841EB6B-A46E-469C-BD60-1D3F73608D6F}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfpswx.exe
FirewallRules: [{B0C1420B-D56E-4F0C-85C9-0411423EFF38}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdftime.exe
FirewallRules: [{12D28B69-6529-4FE2-BC3B-9B24337B29BA}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdftime.exe
FirewallRules: [{20DBD894-E623-4417-AE7D-0C3B22B063A8}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfjswx.exe
FirewallRules: [{AEC6E3BE-CF56-449B-8A1F-6C938C819838}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfjswx.exe
FirewallRules: [TCP Query User{0D7A71CA-8A9E-48F0-8F93-892537A49B70}C:\program files\lexmark 6500 series\lxdfmon.exe] => (Allow) C:\program files\lexmark 6500 series\lxdfmon.exe
FirewallRules: [UDP Query User{1280E033-09EA-4E84-BE96-18E186625F54}C:\program files\lexmark 6500 series\lxdfmon.exe] => (Allow) C:\program files\lexmark 6500 series\lxdfmon.exe
FirewallRules: [{E80F0D52-85B3-471E-83B9-17EE45BE405A}] => (Allow) LPort=80
FirewallRules: [{54396C83-FD88-4F55-9CF0-539A3D95BCF4}] => (Allow) LPort=80
FirewallRules: [{BE6C4A6F-AF86-461F-BF91-5AE152A3B52B}] => (Allow) LPort=80
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [TCP Query User{16A40DBD-722D-4635-AE0E-58DDA4F435AA}C:\program files\lexmark pro710 series\lmadimon.exe] => (Block) C:\program files\lexmark pro710 series\lmadimon.exe
FirewallRules: [UDP Query User{157C5482-8175-47F3-992A-C849ED8DA219}C:\program files\lexmark pro710 series\lmadimon.exe] => (Block) C:\program files\lexmark pro710 series\lmadimon.exe
FirewallRules: [{04AA01E9-DCE9-49A8-B7ED-DA47DAF76B6B}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{07885F0E-9ED4-4E04-9E74-02CD1FEF4CF0}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{49919916-2E75-4A1B-A12D-C0B02B5155AD}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{151131AC-168A-4232-9DD8-8CD0C3447298}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{D104F9CD-BA95-4726-BA42-F629C9157E47}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{AA21B955-BD73-4644-A54C-E8B39502B117}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{577127DA-6C05-4C6B-8114-FABDAEB9237B}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
FirewallRules: [{8B11D1FF-7EF6-4BCE-AC05-438F335F9DFC}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
FirewallRules: [{BE12B337-9137-4D1A-84C3-C2A57E8E31D4}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADIlscn.exe
FirewallRules: [{9F711964-2E83-4C6B-92EB-DDFA7262E8FC}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADIlscn.exe
FirewallRules: [{2667B39B-8337-48E5-901A-6D7FF5D32AE5}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMabscw.dll
FirewallRules: [{D4A59D00-6092-4412-801E-DF8C63791EEA}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMabscw.dll
FirewallRules: [{520BDFEB-9C0F-44A1-BE41-B869A1FD9B88}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{45A74E42-1D05-4E24-AC80-12FEE9B9272D}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{690D656D-B83A-473C-8CCC-1304A7652C5C}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{FC5DA010-742D-4C0A-B24C-D36AD08170E4}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{EDEFE32C-5FA7-4DAD-94B8-7B5B131A56FD}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{E1F4796D-E780-4397-A313-846DC61451D0}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{DC4925AB-EBB3-430F-8254-8A6EE825F1C9}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{9DF9341D-90B0-4166-BC74-2694B094A5FF}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [TCP Query User{1EAFEEBE-38C8-471E-915F-E9EC610479AB}C:\windows\system32\lxdfcoms.exe] => (Allow) C:\windows\system32\lxdfcoms.exe
FirewallRules: [UDP Query User{19E4C820-9C74-405E-8AAB-0F06C7589BA6}C:\windows\system32\lxdfcoms.exe] => (Allow) C:\windows\system32\lxdfcoms.exe
FirewallRules: [{592F0DC0-9860-4382-AFA9-8AB1BFF4BA6B}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{D0A7A226-5287-424E-B250-6C0B22C479EC}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{0626914A-0A51-4391-B570-F337340AE0E4}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{EA96284F-DEF4-4816-AD63-042AB92A1748}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{A576A318-7CEB-4C50-8EF8-7623032B8DA3}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{23B7D292-78E1-4C90-82B3-228C772F4A27}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{C1A90E54-E7DD-4D0D-B7CD-403AD4B8EDD1}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{76F99FCC-5DCF-449E-9501-7A2851805F64}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [Daum PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{E2EA4223-9C0F-4BA3-89E9-7D498964424C}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{4FB804DD-A2AB-4E9D-825E-2697E8345014}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{53DE46B7-0995-4166-9C80-91FC9771DDDC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6EE59A6F-D6AF-44B6-AB79-030A75547588}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{CAE48EBB-2E54-42FB-B7BD-24851BCEDE17}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AE35D82F-83EB-44A3-B898-B66E531F1C8F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{6DBF1EC6-80FD-4E2B-9CE4-C93E18A4A7E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1BD5C90-37DC-4948-8D16-E844DA7E8AAB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe] => Enabled:Daum PotPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe] => Enabled:Daum PotPlayer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 12:45:29 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/11/2015 09:50:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============

Microsoft Office:
=========================
Error: (07/12/2015 12:45:29 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/11/2015 09:50:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\UNINSTALL POWERDVD.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\READ ME.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\ONLINE REGISTRATION.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\ONLINE REGISTRATION.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\POWERDVD HELP FILE.LNK

Error: (07/11/2015 09:50:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK DVD SUITE\POWERDVD\CYBERLINK POWERDVD.LNK


CodeIntegrity Errors:
===================================
  Date: 2015-07-12 00:53:02.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:53:01.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:53:01.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:53:00.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:52:59.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:52:58.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:52:57.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:52:56.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:52:15.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:52:14.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® M CPU 520 @ 1.60GHz
Percentage of memory in use: 56%
Total physical RAM: 1469.39 MB
Available physical RAM: 633.07 MB
Total Virtual: 3216.22 MB
Available Virtual: 2518.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:65.26 GB) (Free:30.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.27 GB) (Free:3.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 9AEED03F)
Partition 1: (Not Active) - (Size=9.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=65.3 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I believe this to be hardware rather than malware related

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-07-10]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA6-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA7-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA9-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAA-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAD-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAF-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8FA0D5A8-DEDF-11D0-9A61-00C04FB68BF7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D0A03AD0-F49C-4E01-9C1D-CA3B7B73B08E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D3C25535-8D07-4A8E-B24F-B917CCD78A0F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FF4FF418-2C5B-455E-B4E6-B530FABF04AF}\InprocServer32 -> No Filepath
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Speedfan and install it. Once it's installed, run the program and post here the information it shows. The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a vista machine, please go to where you installed the program and run the program as administrator.

speedfan.png
(this is a screenshot from a vista machine)
  • 0

#3
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex! It's been awhile, nice to see you.  I copied the text to notepad, saved it to my desktop in the same place as FRST and clicked the FIX button like you instructed.   Not sure how to run speedfan. I opened the program as administrator, there are 2 options...minimize & configure. Not sure which I should click.  I took a screen shot.  Surprised if this  isn't malware, but whatever it is I hope it can be fixed. Hard to stay online long enough to download any software, before puter freezes. Thanks for your help.
 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Owner at 2015-07-16 10:57:48 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
    CreateRestorePoint:
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-07-10]
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (No File)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA6-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA7-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA9-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAA-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAD-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAF-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8FA0D5A8-DEDF-11D0-9A61-00C04FB68BF7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D0A03AD0-F49C-4E01-9C1D-CA3B7B73B08E}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D3C25535-8D07-4A8E-B24F-B917CCD78A0F}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No Filepath
    CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FF4FF418-2C5B-455E-B4E6-B530FABF04AF}\InprocServer32 -> No Filepath
    RemoveProxy:
    EmptyTemp:
    CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk => moved successfully.
C:\Program Files\WinZip\WZQKPICK.EXE not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA6-D393-11D0-9A56-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA7-D393-11D0-9A56-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAA9-D393-11D0-9A56-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAA-D393-11D0-9A56-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAD-D393-11D0-9A56-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAAF-D393-11D0-9A56-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{8FA0D5A8-DEDF-11D0-9A61-00C04FB68BF7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D0A03AD0-F49C-4E01-9C1D-CA3B7B73B08E}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D3C25535-8D07-4A8E-B24F-B917CCD78A0F}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}" => key removed successfully.
"HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{FF4FF418-2C5B-455E-B4E6-B530FABF04AF}" => key removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 569.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:02:08 ====

Attached Thumbnails

  • speedf.jpg

Edited by mango_nj, 16 July 2015 - 02:37 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The temps are showing high so could you clear all the vents on the laptop of dust and the like
http://www.howtogeek...heating-laptop/

Let me know if it makes any difference

Freezing is a symptom of overheating, eventually though the laptop will start shutting itself down
  • 0

#5
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex! I will clean the vents as you suggested...but I also have a cooling pad underneath my laptop, its curved for better air flow. It has always ran a little warm....plus it's summertime where I'm located and we've had a heatwave. Even after my laptop has been offf for long periods and very cool, I'm still experiencing freezing. Now I've noticed I'm getting unresponsive script and unresponsive plug in messages. This causes freezing as well, till I choose to run or stop it.  Any idea why that has started??  I'll get the vents done and let you know how it goes. Took me awhile to connect. Seems firefox is giving me problems now as well.


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you have done it, it may be time to set the computer to clean boot and see if normal mode then behaves

From safe mode do the following :

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.
7.Reboot to normal mode and let me know how it is behaving
  • 0

#7
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex! I'm sorry it took so long to get back to you. I had to take my laptop completely apart to get to the fan. There was some dust and I cleaned it well. Didn't make much difference, I'm afraid. Still running a bit warm, but I removed the battery and that helped.  Then I had major problems staying connected. Computer kept freezing on me. I will do the clean boot, according to your instructions and get back to you. Pls bare with and thank you so much for your time and patience.


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

No problem whenever you are ready


  • 0

#9
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex! Did a clean boot and my laptop is behaving normally. No freezing, hangups, chkdsk at startup, script warnings or any nonsense. Does this mean that something's been added to my system to cause it to malfunction?  I assume in clean boot, my pc only loads the programs it needs. I don't see my antivirus icon in the system tray. Please advise where to go from here. You're a genius :D


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now the boring bit :)

Go back to MSConfig and enable half of the services that were disabled

Now reboot the computer do we still have a good start with no freezes etc....

If yes let me know and also let me know what services remain to be enabled

If no then let me know which services you had re started
  • 0

Advertisements


#11
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex!

Not sure if I'm doing this correctly.  I went back in msconfig. I didn't change anything in the General tab.  I just clicked on the Servces tab. A lot of servces are still checked...but the status says stopped.  Only a few are "not" checked like KAV, Adobe flash player update etc.  My queston: Should  I tick those servces that are not checked to restart them?  It Won't let me change the status of the services that are checked but say stopped.  I hope that made sense. If I'm doing this all wrong, let me know LOL!  I took a screen shot for you.
 

Attached Thumbnails

  • services.jpg

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that then the only one you need is KAV as abby and adobe do not need to run

So select KAV and reboot then let me know how that is :)
  • 0

#13
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex! this isn't difficult, but for some reason it's not working for me. I cannot restart the Service.

Click Start-->Msconfig-->Services Tab  [I did not change anything in the General tab]

I tried rechecking the box for KAV and when I click APPLY the check disappears.

I tried right clicking on the service to get a properties box to Restart, but it won't let me right click.

Am I missing a step? unsure what I'm doing wrong..pls walk thru.


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Check the box to hide Microsoft Services
Then tick enable all and let me know what happens
  • 0

#15
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Essex! That worked.  It Enabled every one of the disabled programs, except ---> KASPERSKY ANTIVIRUS

The check for this service disappeared after I clicked Apply. It is currently stopped. [see screen shot]

 

FYI: These were the programs that were disabled with the Clean boot.

.

 

ABBY
Adobe Flash Player Update Services
Ati Extenal EVent Utility
Kaspersky Antivirus
MBAMScheduler
MBAMService
Mozilla Maintenance Service
Protexislicensing
Cyberlink RichVideo Service
Skype Updater

Attached Thumbnails

  • sys-config.jpg

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP