Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Anti virus / malware programs won't run updates


  • Please log in to reply

#1
puthu

puthu

    Member

  • Member
  • PipPipPip
  • 153 posts
Hi, trying to update the Anti virus and malware programs but it won't let me complete the download. It gives a message that "it did not update". I don't have an Anti virus software other than the Microsoft security essentials.
Please advise, thanks
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP

Are you out of space on the hard drive?

 

If not then:

 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    Hi

    My hard drive is not full.

    the log files as requested ;

    # AdwCleaner v5.118 - Logfile created 27/05/2016 at 16:27:07
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-26.2 [Server]
    # Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
    # Username : Allen - ALLEN-PC
    # Running from : C:\Users\Allen\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    [-] File Deleted : C:\Program Files\Yahoo!\Common\unyt.exe

    ***** [ DLLs ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SafeWeb
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-534116950-1332898044-2559044525-1003\Software\facemoods.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Yahoo\Companion

    ***** [ Web browsers ] *****

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [7506 bytes] - [27/05/2016 16:27:07]
    C:\AdwCleaner\AdwCleaner[S1].txt - [7196 bytes] - [27/05/2016 16:25:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7652 bytes] ##########

     

    # AdwCleaner v5.118 - Logfile created 27/05/2016 at 16:25:28
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-26.2 [Server]
    # Operating system : Windows Vista ™ Home Premium Service Pack 2 (X86)
    # Username : Allen - ALLEN-PC
    # Running from : C:\Users\Allen\Desktop\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    File Found : C:\Program Files\Yahoo!\Common\unyt.exe

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\yt.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
    Key Found : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
    Key Found : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
    Key Found : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
    Key Found : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
    Key Found : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
    Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
    Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.DataStore
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.StringList
    Key Found : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
    Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper
    Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper.2
    Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand
    Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
    Key Found : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
    Key Found : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
    Key Found : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
    Key Found : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
    Key Found : HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SafeWeb
    Key Found : HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SafeWeb
    Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-534116950-1332898044-2559044525-1003\Software\facemoods.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Yahoo\Companion

    ***** [ Web browsers ] *****

    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [7044 bytes] - [27/05/2016 16:25:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7117 bytes] ##########

     

    junkware removal tool

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows Vista ™ Home Premium x86
    Ran by Allen (Administrator) on 27/05/2016 at 16:34:23.72
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    File System: 117

    Successfully deleted: C:\Users\Allen\AppData\Local\{0111A6E7-9609-4816-A943-04D3A265A795} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{038651C7-0771-47B7-90B5-1B9474B0EC27} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{049A5522-D38C-4BE1-B4DE-86B5310A75AC} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{07CAEF87-0D4F-4EA9-A91A-1054C504D0CB} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{093281CC-ED99-4818-943F-A6440E6464AF} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{0B603D39-AEBA-4B0D-8B80-7090C021BE9F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{0E41A9FF-6C6E-443D-AC7A-95350ACBC69E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{0FCD1D09-E63F-4E08-BEAB-267449D9E2B2} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{1035B2DC-F98C-4624-8BD1-1568FB6413C2} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{143DDFD7-4A00-460A-9CEB-F13C83A59753} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{15CC08B3-80C1-4859-9DDF-6E8C72E2FDE0} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{1A02A01E-36FC-49C1-B29D-BDE3DB6D8A12} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{228E4EBA-EEC2-49C1-AD51-F705919F478E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{2471A811-14F6-4C97-9B67-214D65C59DFB} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{27C6B51F-E5D6-495D-9E8F-842FCBB839D8} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{327518F1-C36A-4B66-B674-89704B633ACE} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{346E73B1-21AF-476F-A69F-7055CE65C0E0} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{34B85E4C-682D-4F8D-8362-4993CCC03EB7} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{36656D19-C2CE-4483-8E76-A297C6CA726E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{392347A6-8188-4A72-A8E6-530AC1E3C925} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{3AAC8670-732E-4B62-AF88-EE18AB98A1F2} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{3B6C935D-0B07-4DE1-AFE1-82890DD9B15E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{3EC99054-CA92-440E-9B04-CCBAD48D9561} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{40779051-0AF6-4179-9C5E-336A408F152D} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{41983BC5-8BDB-4F91-BB65-732F7E22446F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{424A1A79-063E-4F1D-845E-0240C8B18C6F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{42DACE55-C6D1-4F56-8E1D-8CDE85533C86} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{44072D8F-9737-47D8-9F10-DA7CA3CA6BFF} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{47D5302E-724C-46B2-814D-F2C1268E78FB} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{492F4A77-884D-404C-A0A2-7EBFD12ECEA6} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{4C3067B3-7925-4E23-BCA5-8179D3B4B328} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{4D00F337-74F6-4679-B459-A8AF8FC1B882} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{512EF8C7-365C-44A3-859D-1201D2E56E8F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{58C31A23-A6ED-4CB0-BCEB-4978DDF330B9} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{5E2B3FCA-744D-4DFE-BC6A-CDBB2D542601} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{5E616F8C-CC23-42CC-BC88-17812315F223} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{644EF245-27D8-4872-9010-81C863F9382A} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{6454640B-3D3B-4A67-81F2-7F54F08E4B6B} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{64D04BAC-70A6-4D9C-95A6-21D87A0EFDC0} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{673D581B-B422-40A0-8882-22A12A52285E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{6809E448-B2EC-42AA-97AE-8E8D62A359C2} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{69993545-EA1F-4E75-B20C-F9D0061A1B40} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{6B6B94A9-9758-4BF1-B727-C2FBA29AE36E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{6EA5718E-BC28-4C84-9B7C-8C27B92DAB3F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{73A03463-7E14-4190-811F-BF6E90278926} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{79AF249C-EB48-43C0-94BF-DA163845FCEB} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{7DB20BEB-A061-4E76-991F-F07DC33C9080} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{7F802F5C-3B52-4F0A-B74F-EFA498475BF9} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{85DBE7A6-BE8F-467D-803E-92A36AAF21DE} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{87CA310C-A439-4338-B058-A919C3FE1A7D} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{888EFB17-0D6A-43AE-8A9C-07487FDAB87C} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{8A6A67C9-0884-4ED9-9E78-62DD6685B6F9} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{8DD9ADC3-F435-459D-88C5-CB81FA9492CC} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{92A3BBB6-2DAF-406A-BC66-2A0A66949C0C} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{930820A6-07EF-469D-991A-AA106EE839A1} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{95B5D3C0-9568-430F-BBB2-F0DAF979D80C} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{961F620B-4BB0-4601-8E57-F489F89DE82F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{98436F52-5411-441B-B79F-CBD22D2C0914} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{9A7D33D2-FDD4-4EDF-9C60-3C446C8EA7E9} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{9D7A951F-3EEF-44CC-BBB7-184405A7251E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{9DE13860-30FA-4F5A-B8BA-AA77F0D11E8F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{9EC38C09-5FA9-4CBE-92A3-989442C2CF7A} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{9FD1E98E-7E73-49F8-957C-E70993943FBB} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{A0A1B4A1-AC0D-4853-8F6B-29BEAD93693E} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{A1BF9DD4-A73D-4170-BE0D-B8BD5A092C82} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{A1CE19F8-0261-4799-A4D9-961BD6C09341} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{A277EBDC-B20E-479C-9139-2C03FE28A92C} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{A623376E-EDBD-4996-84DC-F62589E41A3B} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{AA19E789-8DFC-41DB-B0E7-4D39062EE4A1} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{AA27FA99-9770-45EA-A9B7-0E4427857904} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{AB38D6AE-1D4D-402F-B518-0BBA4D880AF9} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{ADB7D47C-565A-4A35-8A1E-58809481AA30} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{B3953EF8-BA52-4127-8EDB-52EAD565597F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{B3E209BE-4C11-427B-AB69-412177B1FF5F} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{B469007A-5F31-4F5A-9DD2-B387EE486DAA} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{BBC66360-56AC-465D-B21B-D75505F6C6AE} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{BDA6DA02-E9DD-4927-998D-595CB5E9A8CF} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{BDDD9CAB-9027-441A-A211-0DD518185B9A} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{BE5BD9BD-84F0-49B4-BC0F-B24538A356FC} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{BE625271-6E90-48B7-AAE8-8B2E54D3ED24} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{C0BDA725-B57A-4060-BA09-4817DBF6D9EC} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{C9B8762A-9EDF-4558-96B2-229C180DD414} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{C9C1CE08-3DFF-46A2-B7F3-96601178B567} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{D0761173-6E9D-4445-9908-C02EFAE8F1EF} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{D0F5E2EA-E95A-40F6-A28E-E460188FA8F3} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{D9BEB676-6F6C-42ED-A3AF-7C5523D92216} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{DA93AE33-5995-41D8-B2A9-871E88C25F64} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{DBF9CB18-733C-46A8-AC5C-6D918D38B485} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{DD5DFEBF-338B-49D5-A9C7-8822C1A04399} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{E0949254-BCCE-4518-B37A-7E4074121A37} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{E44FA997-9274-471E-A31C-B5B263B3F982} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{E8CAF4B4-DF7D-4DB1-9920-BF58CCE83541} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{E9AE8165-17A7-4B25-80DA-020C9525E3F8} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{EB827709-0C18-48C7-9DB0-2A61099C4DAE} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{EB860AED-C442-4029-9489-8F8C5934828C} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{ED605250-850A-4AFC-AB6A-2685FDE11CA4} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{EEF2C33C-419A-4927-A0E9-349F56058477} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{F0DCAC80-0DB6-4F85-891E-E9217365D8A8} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{F5ADDAD6-279F-4F46-A8DF-6F435B0589AF} (Empty Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\{FB73DC38-77B3-42DB-A191-A3D61E8FFED2} (Empty Folder)
    Successfully deleted: C:\Windows\couponprinter.ocx (File)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12XM69D6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NJ0QCX3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTI8O8CO (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENE9MSME (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7WD456B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUD7ZB00 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX9CD5Y2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYH5K0XQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12XM69D6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NJ0QCX3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTI8O8CO (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENE9MSME (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7WD456B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUD7ZB00 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX9CD5Y2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYH5K0XQ (Temporary Internet Files Folder)

     

    Registry: 0

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 27/05/2016 at 16:38:23.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Farbar tool log

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2016 02
    Ran by Allen (administrator) on ALLEN-PC (27-05-2016 16:42:50)
    Running from C:\Users\Allen\Desktop
    Loaded Profiles: Allen (Available Profiles: Allen)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Acer\Mobility Center\MobilityService.exe
    (Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_21_0_0_242_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\osk.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
    HKLM\...\Run: [BisonInst0402] => C:\Windows\BR040286.exe [53248 2007-05-09] (Bison Inc.)
    HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
    HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
    HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
    HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-07] (Dritek System Inc.)
    HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
    HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer\Acer Registration\ACE1.exe [3387392 2007-11-26] (Leader Technologies)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-04-17] (Google Inc.)
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Google Update] => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Facebook Update] => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-06] (Facebook Inc.)
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1721192 2011-03-30] (Hewlett-Packard Co.)
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2008-03-26]
    ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-10-27]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2016-05-27]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
    Tcpip\..\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: [DhcpNameServer] 192.168.2.1 142.166.166.166

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.ca.acer.yahoo.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
    SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
    SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {E6F8E096-4836-47C0-8883-6A99317FB847} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files\TurboTax 2014\ic2014pp.dll No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/O1DPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
    FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]
    CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
    CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
    CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
    CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
    CHR Extension: (Google Sheets) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]
    CHR Extension: (Bookmark Manager) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-23]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-01-23]
    CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]
    CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
    R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
    R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
    R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
    S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
    R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [829096 2007-10-29] (Bison Electronics. Inc. )
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
    R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-26] (NewTech Infosystems, Inc.) [File not signed]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    U0 Sr; no ImagePath
    U2 SrService; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-27 16:42 - 2016-05-27 16:43 - 00031152 _____ C:\Users\Allen\Desktop\FRST.txt
    2016-05-27 16:42 - 2016-05-27 16:42 - 00000000 ____D C:\FRST
    2016-05-27 16:41 - 2016-05-27 16:41 - 01734144 _____ (Farbar) C:\Users\Allen\Desktop\FRST.exe
    2016-05-27 16:38 - 2016-05-27 16:38 - 00013849 _____ C:\Users\Allen\Desktop\JRT.txt
    2016-05-27 16:32 - 2016-05-27 16:32 - 01610816 _____ (Malwarebytes) C:\Users\Allen\Desktop\JRT.exe
    2016-05-27 16:29 - 2016-05-27 16:29 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
    2016-05-27 16:25 - 2016-05-27 16:27 - 00000000 ____D C:\AdwCleaner
    2016-05-27 16:18 - 2016-05-27 16:18 - 03678272 _____ C:\Users\Allen\Desktop\AdwCleaner.exe
    2016-05-19 23:00 - 2016-04-09 18:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2016-05-19 23:00 - 2016-04-09 16:00 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-05-19 22:58 - 2016-04-09 18:22 - 00638184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-05-19 22:58 - 2016-04-09 18:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-05-19 22:53 - 2016-04-09 17:32 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-05-19 22:47 - 2016-04-09 17:37 - 03608808 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-05-19 22:47 - 2016-04-09 17:37 - 03556584 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-05-19 22:47 - 2016-03-10 14:07 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-05-19 22:45 - 2016-04-09 15:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-05-19 22:44 - 2016-04-09 16:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2016-05-19 22:19 - 2016-04-23 14:00 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-05-19 22:19 - 2016-04-23 13:59 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-05-19 22:19 - 2016-04-23 13:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2016-05-19 22:19 - 2016-04-23 13:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2016-05-19 22:19 - 2016-04-23 13:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2016-05-19 22:18 - 2016-04-23 14:03 - 12858880 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-05-19 22:18 - 2016-04-23 14:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-05-19 22:18 - 2016-04-23 14:01 - 09729536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-05-19 22:18 - 2016-04-23 14:00 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-05-19 22:18 - 2016-04-23 14:00 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-05-19 22:18 - 2016-04-23 14:00 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-05-19 22:18 - 2016-04-23 14:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2016-05-19 22:18 - 2016-04-23 14:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-05-19 22:18 - 2016-04-23 13:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-05-19 22:18 - 2016-04-23 13:59 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-05-19 22:18 - 2016-04-23 13:59 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-05-19 21:43 - 2016-05-19 21:43 - 00239874 _____ C:\Users\Allen\Desktop\reference letter.pdf
    2016-05-16 11:56 - 2016-05-16 11:56 - 00134045 _____ C:\Users\Allen\Desktop\i.pdf
    2016-05-04 14:05 - 2016-05-26 22:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-05-04 14:04 - 2016-05-04 14:04 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-05-04 14:04 - 2016-05-04 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-05-04 14:04 - 2016-05-04 14:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-05-04 14:04 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-05-04 14:04 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-05-04 14:04 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-05-04 14:02 - 2016-05-04 14:02 - 22851472 _____ (Malwarebytes ) C:\Users\Allen\Desktop\mbam-setup-2.2.1.1043.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-27 16:44 - 2012-10-06 13:39 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
    2016-05-27 16:41 - 2006-11-02 09:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-05-27 16:41 - 2006-11-02 09:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-05-27 16:36 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\inf
    2016-05-27 16:36 - 2006-11-02 07:33 - 00860232 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-27 16:31 - 2010-07-11 23:22 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Skype
    2016-05-27 16:30 - 2009-04-19 21:49 - 00000000 ____D C:\Users\Allen\Tracing
    2016-05-27 16:29 - 2015-06-02 15:17 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
    2016-05-27 16:29 - 2015-04-25 11:48 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-27 16:28 - 2006-11-02 10:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-05-27 16:27 - 2006-11-02 10:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-05-27 16:13 - 2009-06-30 16:23 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
    2016-05-27 16:12 - 2015-04-25 11:48 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-26 23:01 - 2014-09-24 14:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-05-26 20:38 - 2009-06-30 16:23 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
    2016-05-26 20:30 - 2012-10-06 13:39 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
    2016-05-24 19:42 - 2010-08-30 13:51 - 00453120 _____ C:\Users\Allen\Desktop\Logbook.xls
    2016-05-24 19:42 - 2008-10-27 04:35 - 00002607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
    2016-05-24 19:40 - 2008-10-27 04:35 - 00002605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
    2016-05-20 21:26 - 2013-07-27 21:35 - 00000000 ____D C:\Windows\system32\MRT
    2016-05-20 21:04 - 2006-11-02 07:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2016-05-20 20:38 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\rescache
    2016-05-20 20:29 - 2011-07-10 22:54 - 00000000 ____D C:\Users\Allen\Resume
    2016-05-20 20:19 - 2006-11-02 09:47 - 00390776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-05-20 20:15 - 2006-11-02 09:37 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-15 19:20 - 2014-09-24 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-05-15 19:20 - 2014-09-24 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-05-09 22:27 - 2010-07-11 23:22 - 00000000 ___RD C:\Program Files\Skype
    2016-05-09 22:27 - 2010-07-11 23:21 - 00000000 ____D C:\ProgramData\Skype
    2016-04-29 14:25 - 2010-07-21 02:59 - 00060928 _____ C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Files in the root of some directories =======

    2011-04-10 15:23 - 2011-04-10 15:23 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
    2011-04-10 15:23 - 2011-06-19 22:14 - 0006733 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
    2014-12-10 16:26 - 2014-12-10 16:26 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\pdfcompressor.ini
    2008-11-13 02:28 - 2008-11-13 02:28 - 0024206 _____ () C:\Users\Allen\AppData\Roaming\UserTile.png
    2012-02-19 20:43 - 2012-03-16 18:36 - 0000680 _____ () C:\Users\Allen\AppData\Local\d3d9caps.dat
    2010-07-21 02:59 - 2016-04-29 14:25 - 0060928 _____ () C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-06-02 12:28 - 2015-06-02 12:28 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-07-11 23:23 - 2010-07-11 23:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    Some files in TEMP:
    ====================
    C:\Users\Allen\AppData\Local\temp\libeay32.dll
    C:\Users\Allen\AppData\Local\temp\mpam-39d1db97.exe
    C:\Users\Allen\AppData\Local\temp\mpam-de95ee0.exe
    C:\Users\Allen\AppData\Local\temp\msvcr120.dll
    C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
    C:\Users\Allen\AppData\Local\temp\SkypeSetup.exe
    C:\Users\Allen\AppData\Local\temp\sqlite3.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-05-27 16:34

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2016 02
    Ran by Allen (2016-05-27 16:44:31)
    Running from C:\Users\Allen\Desktop
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-09-17 20:14:24)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-534116950-1332898044-2559044525-500 - Administrator - Disabled)
    Allen (S-1-5-21-534116950-1332898044-2559044525-1003 - Administrator - Enabled) => C:\Users\Allen
    ASPNET (S-1-5-21-534116950-1332898044-2559044525-1005 - Limited - Enabled)
    Guest (S-1-5-21-534116950-1332898044-2559044525-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
    Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13d - Acer Crystal Eye)
    Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.20 - Acer Crystal Eye Webcam)
    Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
    Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
    Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
    Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
    Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
    Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
    Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
    Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
    Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
    Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
    Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
    Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
    Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
    HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
    HP Photo Creations (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\HP Photo Creations) (Version: 1.0.0.18332 - HP)
    HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
    HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM\...\LManager) (Version:  - )
    LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    MrvlUsgTracking (HKLM\...\{02C85EC5-E864-4847-AF55-42730861004C}) (Version: 1.0.0 - Marvell)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
    NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
    NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
    NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
    NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
    NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 7.23 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
    TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
    TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Yahoo! Extras (HKLM\...\Yahoo! Customizations) (Version:  - )
    Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
    Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1340E10F-6A32-40A5-AB16-57CC12318002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
    Task: {18176CC6-1A9D-47F1-A26B-13910E7F909E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
    Task: {1A4242C0-60C1-4610-A9FE-9D7141CE1931} - System32\Tasks\{99258A10-6B3B-429F-8C29-27D864D109A3} => C:\Program Files\Skype\Phone\Skype.exe [2016-04-29] (Skype Technologies S.A.)
    Task: {26597DBB-F5CA-4CAA-B86E-BC0A98609B82} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-05-13] ()
    Task: {2FA7A48B-76EB-49C5-857F-1258373A5860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {3CF60298-04EC-49DC-BDF6-2B76712045AB} - System32\Tasks\{DF166A33-0B21-42D0-9A6C-D6935E90AB73} => pcalua.exe -a C:\PROGRA~1\SOFTON~1\UNWISE.EXE -c C:\PROGRA~1\SOFTON~1\INSTALL.LOG
    Task: {499D5A06-9F22-447F-BCE9-4946F822C169} - System32\Tasks\{5CAFF5CB-CA6E-4A8F-9E7A-D47D6B66AE7E} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLFL9HM6\SetupFSCopilot16[1].exe" -d C:\Users\Allen
    Task: {58AE6357-C600-41C8-A2E0-0B4DF5811076} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
    Task: {645EA812-B73C-4E18-9181-34DB80502938} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
    Task: {6AF0F6F3-A64E-4D6E-BFF1-D03992F2E9F9} - System32\Tasks\{858EA598-D309-4606-BEBC-70EF9403C894} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07L2HA66\SetupFSInn13B2_3[2].exe" -d C:\Users\Allen
    Task: {714E4DED-E175-4C9D-831E-E337DC543BFC} - System32\Tasks\{D8721F9D-7F92-4077-B56D-66C255E56643} => pcalua.exe -a "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" -c REMOVE=TRUE MODIFY=FALSE
    Task: {7DC317EB-164C-41F4-9D21-72EFD94806A7} - System32\Tasks\{6E5A1472-C989-48BA-8778-96025461C0AC} => pcalua.exe -a C:\Users\Allen\Desktop\VirtumundoBeGone.exe -d C:\Users\Allen\Desktop
    Task: {89192796-C51B-456B-A050-D5E3C45A5D6D} - System32\Tasks\{D5FE861A-C79C-4D59-A538-F3923F67D2A2} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVZEMVG\SetupFSInn12[1].exe" -d C:\Users\Allen
    Task: {BE22A2C9-84B7-40C2-80DB-4EE9515DCD3D} - System32\Tasks\{D785B799-7774-474C-96E6-0D20036729B1} => pcalua.exe -a "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!\eesi.exe" -d "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!"
    Task: {C1EB9403-15B9-4A46-9032-A5525EF30E5F} - System32\Tasks\{F6F3960B-7566-4264-9DD1-908FEFD7C1D5} => pcalua.exe -a "C:\Program Files\FSFDT\uninstallFSCopilot.exe"
    Task: {C261008A-2895-44B6-8146-9400682854F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {C4DF8714-3D5B-4F78-AD03-1D5BCFEAFECD} - System32\Tasks\{262F4346-CCEC-4F15-B1D1-AB3419B87696} => pcalua.exe -a D:\setuppls.exe -d D:\ -c /AUTORUN
    Task: {C9306C47-F213-4E0D-AE44-D5DBECC04F9C} - System32\Tasks\{88C44967-8EF0-4D52-9323-80C4B50F3543} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7KXWM6P\wmp11-windowsxp-x86-enu[1].exe" -d C:\Windows\system32
    Task: {CE16C034-B03F-4132-8CD6-063422115D25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
    Task: {D0F03E06-D15C-45B5-86C8-A93F58BBF3EC} - System32\Tasks\Microsoft\Windows\RestartManager\{9388B6A3-309E-4d7f-B8A8-B87168832CB9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {DBAB3616-414F-42C3-BD2F-79AC04CD09E3} - System32\Tasks\PDVDServ.EXE_1322400303 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2008-01-22] (Cyberlink Corp.)
    Task: {F8E07DE8-CE5F-4FDC-951D-69BA2E61FBAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {FA8D32A9-622D-4C18-95C5-09B4106AD01C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
    Task: {FCFA6D6A-FA88-4452-98C5-BFF7A63332CF} - System32\Tasks\{F39A87A9-2776-4442-96B8-82EFD761788E} => pcalua.exe -a "C:\Program Files\Microsoft Games\FS2002\FSUNINSTALL.EXE" -c /runtemp /addremove

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{81269CAB-AB40-4890-B356-37C309F68D20}.job => C:\Windows\system32\msfeedssync.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Allen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi10
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi11

    ==================== Loaded Modules (Whitelisted) ==============

    2008-09-17 17:27 - 2007-11-27 22:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
    2008-09-17 17:27 - 2007-11-27 19:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
    2011-03-30 18:19 - 2011-03-30 18:19 - 01841000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
    2008-09-17 17:26 - 2007-12-19 22:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2008-09-17 17:26 - 2007-12-19 22:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
    2008-09-17 17:26 - 2007-12-19 22:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
    2008-09-17 17:26 - 2007-12-19 22:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
    2008-09-17 17:26 - 2007-12-19 22:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
    2008-03-26 05:23 - 2008-01-09 22:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    2008-03-26 05:23 - 2008-01-09 22:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    2008-09-17 17:22 - 2007-09-11 13:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    2008-01-03 06:00 - 2008-01-03 06:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    2008-09-17 17:25 - 2007-12-20 17:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    2008-09-17 17:26 - 2007-12-19 22:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    2008-09-17 17:26 - 2007-12-19 22:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    2008-09-17 17:26 - 2007-12-19 22:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    2008-09-17 17:26 - 2007-12-19 22:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    2008-09-17 17:23 - 2007-12-20 15:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
    HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:23 - 2012-03-22 09:06 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost
    ::1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
    DNS Servers: 192.168.2.1 - 142.166.166.166
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
    FirewallRules: [{E01BE071-B00A-491D-BB6A-556CA52ABD35}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
    FirewallRules: [{47620D60-F3FA-4BF0-A495-1D203C176DA8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{74D7467A-EEFF-44B9-A907-702E9A129F00}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{48617D48-7F68-434D-8342-547FE235771E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
    FirewallRules: [{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
    FirewallRules: [TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [{F2DDA02E-CD32-4E79-9071-6112EE455060}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
    FirewallRules: [{6BDC7595-0823-450D-B246-90610F59F8B5}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
    FirewallRules: [TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
    FirewallRules: [UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
    FirewallRules: [{390E7292-8F7E-443E-8784-B7F50965A7B1}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
    FirewallRules: [{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
    FirewallRules: [{7D48202A-539A-4356-A2FE-88E5F9372552}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{3947B629-6FBA-4962-8A79-545551BA0E0E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{4C76D121-C306-41BD-A695-84DCCFF0828A}] => (Allow) svchost.exe
    FirewallRules: [{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{396CE697-5AD3-422F-8E81-719CE1A61410}] => (Allow) LPort=2869
    FirewallRules: [{BD673127-28AE-4D20-A67C-D13822D08483}] => (Allow) LPort=1900
    FirewallRules: [{F5A2B141-767C-46A3-A4A6-13B3784D26B4}] => (Allow) LPort=80
    FirewallRules: [{37753C3E-74FE-46F9-892F-61305A197DAD}] => (Allow) LPort=80
    FirewallRules: [{F6688556-B806-4927-9655-8396D02B81D1}] => (Allow) LPort=80
    FirewallRules: [{E4D2FBD9-ED9A-4925-9CDE-3BE742D85E47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{58DCA8E1-C0CF-45B1-9030-C7D2468851DF}] => (Allow) C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{DA23D471-DD9A-49CD-977A-19F9E4072849}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
    FirewallRules: [{9D8F25DF-6FF0-4F70-863B-35223BF19B2F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe] => Enabled:eDSfsu
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe] => Enabled:encryption
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe] => Enabled:decryption
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe] => Enabled:eDSMgr
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe] => Enabled:eDStbmngr
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe] => Enabled:eDSfsu
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe] => Enabled:encryption
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe] => Enabled:decryption
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe] => Enabled:eDSMgr
    StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe] => Enabled:eDStbmngr

    ==================== Restore Points =========================

    06-04-2016 22:33:33 Windows Update
    10-04-2016 16:22:12 Windows Update
    11-04-2016 20:03:17 Windows Update
    11-04-2016 20:07:09 Windows Update
    11-04-2016 20:09:52 Windows Update
    15-04-2016 21:21:35 Scheduled Checkpoint
    16-04-2016 03:01:29 Windows Update
    16-04-2016 16:07:01 Windows Update
    17-04-2016 22:49:56 Scheduled Checkpoint
    20-04-2016 21:39:27 Windows Update
    21-04-2016 21:31:23 Scheduled Checkpoint
    22-04-2016 20:35:00 Scheduled Checkpoint
    25-04-2016 08:14:55 Windows Update
    29-04-2016 12:19:36 Windows Update
    29-04-2016 16:05:22 Windows Backup
    02-05-2016 12:54:24 Scheduled Checkpoint
    04-05-2016 08:40:08 Windows Update
    07-05-2016 20:37:07 Windows Update
    07-05-2016 22:55:31 Windows Update
    09-05-2016 23:03:21 Scheduled Checkpoint
    12-05-2016 09:09:08 Windows Update
    19-05-2016 22:43:10 Windows Update
    20-05-2016 21:01:09 Windows Update
    24-05-2016 22:01:11 Windows Update
    27-05-2016 16:34:23 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft ISATAP Adapter #4
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #3
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #5
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft Tun Miniport Adapter #2
    Description: Microsoft Tun Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunmp
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Broadcom NetLink ™ Gigabit Ethernet
    Description: Broadcom NetLink ™ Gigabit Ethernet
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Broadcom
    Service: b57nd60x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/27/2016 04:30:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\READ ME.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\READ ME.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    Error: (05/27/2016 04:30:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog

    Details:
     A device attached to the system is not functioning.   (0x8007001f)

    System errors:
    =============
    Error: (05/27/2016 04:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (05/27/2016 04:29:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (05/27/2016 04:27:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Modules Installer11200001Restart the service

    Error: (05/27/2016 04:27:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: eSettings Service1600001Restart the service

    Error: (05/27/2016 04:27:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: XAudioService1

    Error: (05/27/2016 04:27:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Search1300001Restart the service

    Error: (05/27/2016 04:27:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: ePower Service1600001Restart the service

    Error: (05/27/2016 04:27:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Live ID Sign-in Assistant1100001Restart the service

    Error: (05/27/2016 04:27:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: SQL Server VSS Writer1

    Error: (05/27/2016 04:27:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: SQL Server Browser1600001Restart the service

    CodeIntegrity:
    ===================================
      Date: 2016-05-27 16:44:26.650
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:25.339
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:24.029
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:22.687
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:21.143
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:19.817
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:18.397
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-27 16:44:17.009
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-26 23:02:59.458
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

      Date: 2016-05-26 23:02:58.163
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
    Percentage of memory in use: 47%
    Total physical RAM: 3061.68 MB
    Available physical RAM: 1617.68 MB
    Total Virtual: 7083.76 MB
    Available Virtual: 5600.38 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:232.88 GB) (Free:151.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 059CAD89)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

     

    Thanks


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 21,458 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
     
     
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     

    • 0

    #5
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    2016-05-28 14:46:19, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:46:19, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:46:34, Info                  CSI    00000009 [SR] Verify complete
    2016-05-28 14:46:35, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:46:35, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:02, Info                  CSI    0000000d [SR] Verify complete
    2016-05-28 14:47:04, Info                  CSI    0000000e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:04, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:16, Info                  CSI    00000011 [SR] Verify complete
    2016-05-28 14:47:17, Info                  CSI    00000012 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:17, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:24, Info                  CSI    00000015 [SR] Verify complete
    2016-05-28 14:47:26, Info                  CSI    00000016 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:26, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:32, Info                  CSI    00000019 [SR] Verify complete
    2016-05-28 14:47:33, Info                  CSI    0000001a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:33, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:39, Info                  CSI    0000001d [SR] Verify complete
    2016-05-28 14:47:41, Info                  CSI    0000001e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:41, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:46, Info                  CSI    00000021 [SR] Verify complete
    2016-05-28 14:47:48, Info                  CSI    00000022 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:48, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:47:55, Info                  CSI    00000025 [SR] Verify complete
    2016-05-28 14:47:56, Info                  CSI    00000026 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:47:56, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:03, Info                  CSI    00000029 [SR] Verify complete
    2016-05-28 14:48:04, Info                  CSI    0000002a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:04, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:11, Info                  CSI    0000002d [SR] Verify complete
    2016-05-28 14:48:12, Info                  CSI    0000002e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:12, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:21, Info                  CSI    00000031 [SR] Verify complete
    2016-05-28 14:48:23, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:23, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:30, Info                  CSI    00000035 [SR] Verify complete
    2016-05-28 14:48:31, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:31, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:37, Info                  CSI    00000039 [SR] Verify complete
    2016-05-28 14:48:39, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:39, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:45, Info                  CSI    0000003d [SR] Verify complete
    2016-05-28 14:48:46, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:46, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:48:53, Info                  CSI    00000041 [SR] Verify complete
    2016-05-28 14:48:55, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:48:55, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:02, Info                  CSI    00000045 [SR] Verify complete
    2016-05-28 14:49:03, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:03, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:09, Info                  CSI    00000049 [SR] Verify complete
    2016-05-28 14:49:10, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:10, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:16, Info                  CSI    0000004d [SR] Verify complete
    2016-05-28 14:49:18, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:18, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:23, Info                  CSI    00000051 [SR] Verify complete
    2016-05-28 14:49:25, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:25, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:31, Info                  CSI    00000055 [SR] Verify complete
    2016-05-28 14:49:33, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:33, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:39, Info                  CSI    00000059 [SR] Verify complete
    2016-05-28 14:49:41, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:41, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:46, Info                  CSI    0000005d [SR] Verify complete
    2016-05-28 14:49:47, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:47, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:51, Info                  CSI    00000061 [SR] Verify complete
    2016-05-28 14:49:51, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:51, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:55, Info                  CSI    00000065 [SR] Verify complete
    2016-05-28 14:49:56, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:56, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:49:58, Info                  CSI    00000069 [SR] Verify complete
    2016-05-28 14:49:59, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:49:59, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:02, Info                  CSI    0000006d [SR] Verify complete
    2016-05-28 14:50:03, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:03, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:06, Info                  CSI    00000071 [SR] Verify complete
    2016-05-28 14:50:06, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:06, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:09, Info                  CSI    00000075 [SR] Verify complete
    2016-05-28 14:50:10, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:10, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:13, Info                  CSI    00000079 [SR] Verify complete
    2016-05-28 14:50:14, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:14, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:17, Info                  CSI    0000007d [SR] Verify complete
    2016-05-28 14:50:18, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:18, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:20, Info                  CSI    00000081 [SR] Verify complete
    2016-05-28 14:50:21, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:21, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:23, Info                  CSI    00000085 [SR] Verify complete
    2016-05-28 14:50:24, Info                  CSI    00000086 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:24, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:30, Info                  CSI    00000089 [SR] Verify complete
    2016-05-28 14:50:31, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:31, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:37, Info                  CSI    0000008d [SR] Verify complete
    2016-05-28 14:50:38, Info                  CSI    0000008e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:38, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:44, Info                  CSI    00000091 [SR] Verify complete
    2016-05-28 14:50:45, Info                  CSI    00000092 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:45, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:50:52, Info                  CSI    00000095 [SR] Verify complete
    2016-05-28 14:50:53, Info                  CSI    00000096 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:50:53, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:00, Info                  CSI    00000099 [SR] Verify complete
    2016-05-28 14:51:01, Info                  CSI    0000009a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:01, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:08, Info                  CSI    0000009d [SR] Verify complete
    2016-05-28 14:51:09, Info                  CSI    0000009e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:09, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:15, Info                  CSI    000000a1 [SR] Verify complete
    2016-05-28 14:51:17, Info                  CSI    000000a2 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:17, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:23, Info                  CSI    000000a5 [SR] Verify complete
    2016-05-28 14:51:23, Info                  CSI    000000a6 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:23, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:29, Info                  CSI    000000a9 [SR] Verify complete
    2016-05-28 14:51:31, Info                  CSI    000000aa [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:31, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:39, Info                  CSI    000000ad [SR] Verify complete
    2016-05-28 14:51:40, Info                  CSI    000000ae [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:40, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:45, Info                  CSI    000000b1 [SR] Verify complete
    2016-05-28 14:51:47, Info                  CSI    000000b2 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:47, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:51:52, Info                  CSI    000000b5 [SR] Verify complete
    2016-05-28 14:51:53, Info                  CSI    000000b6 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:51:53, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:01, Info                  CSI    000000b9 [SR] Verify complete
    2016-05-28 14:52:01, Info                  CSI    000000ba [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:01, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:08, Info                  CSI    000000bd [SR] Verify complete
    2016-05-28 14:52:10, Info                  CSI    000000be [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:10, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:15, Info                  CSI    000000c1 [SR] Verify complete
    2016-05-28 14:52:16, Info                  CSI    000000c2 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:16, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:31, Info                  CSI    000000c5 [SR] Verify complete
    2016-05-28 14:52:32, Info                  CSI    000000c6 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:32, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:37, Info                  CSI    000000c9 [SR] Verify complete
    2016-05-28 14:52:39, Info                  CSI    000000ca [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:39, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:45, Info                  CSI    000000cd [SR] Verify complete
    2016-05-28 14:52:45, Info                  CSI    000000ce [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:45, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:52, Info                  CSI    000000d1 [SR] Verify complete
    2016-05-28 14:52:53, Info                  CSI    000000d2 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:52:53, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:52:59, Info                  CSI    000000d5 [SR] Verify complete
    2016-05-28 14:53:00, Info                  CSI    000000d6 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:53:00, Info                  CSI    000000d7 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:53:08, Info                  CSI    000000d9 [SR] Verify complete
    2016-05-28 14:53:09, Info                  CSI    000000da [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:53:09, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
    2016-05-28 14:53:15, Info                  CSI    000000dd [SR] Verify complete
    2016-05-28 14:53:17, Info                  CSI    000000de [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:53:17, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
    2016-05-28 14:53:35, Info                  CSI    000000e1 [SR] Verify complete
    2016-05-28 14:53:36, Info                  CSI    000000e2 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:53:36, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:53:51, Info                  CSI    000000e5 [SR] Verify complete
    2016-05-28 14:53:53, Info                  CSI    000000e6 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:53:53, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:54:16, Info                  CSI    000000e9 [SR] Verify complete
    2016-05-28 14:54:17, Info                  CSI    000000ea [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:54:17, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
    2016-05-28 14:54:39, Info                  CSI    000000ee [SR] Verify complete
    2016-05-28 14:54:40, Info                  CSI    000000ef [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:54:40, Info                  CSI    000000f0 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:55:01, Info                  CSI    000000f3 [SR] Verify complete
    2016-05-28 14:55:02, Info                  CSI    000000f4 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:55:02, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:55:29, Info                  CSI    000000f7 [SR] Verify complete
    2016-05-28 14:55:29, Info                  CSI    000000f8 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:55:29, Info                  CSI    000000f9 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:55:43, Info                  CSI    00000103 [SR] Verify complete
    2016-05-28 14:55:44, Info                  CSI    00000104 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:55:44, Info                  CSI    00000105 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:55:50, Info                  CSI    00000107 [SR] Verify complete
    2016-05-28 14:55:51, Info                  CSI    00000108 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:55:51, Info                  CSI    00000109 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:55:58, Info                  CSI    0000010b [SR] Verify complete
    2016-05-28 14:55:59, Info                  CSI    0000010c [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:55:59, Info                  CSI    0000010d [SR] Beginning Verify and Repair transaction
    2016-05-28 14:56:07, Info                  CSI    0000010f [SR] Verify complete
    2016-05-28 14:56:07, Info                  CSI    00000110 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:56:07, Info                  CSI    00000111 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:56:15, Info                  CSI    00000113 [SR] Verify complete
    2016-05-28 14:56:16, Info                  CSI    00000114 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:56:16, Info                  CSI    00000115 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:56:26, Info                  CSI    00000117 [SR] Verify complete
    2016-05-28 14:56:27, Info                  CSI    00000118 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:56:27, Info                  CSI    00000119 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:56:43, Info                  CSI    0000011d [SR] Verify complete
    2016-05-28 14:56:44, Info                  CSI    0000011e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:56:44, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:04, Info                  CSI    00000121 [SR] Verify complete
    2016-05-28 14:57:05, Info                  CSI    00000122 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:05, Info                  CSI    00000123 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:23, Info                  CSI    00000125 [SR] Verify complete
    2016-05-28 14:57:24, Info                  CSI    00000126 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:24, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:28, Info                  CSI    00000129 [SR] Verify complete
    2016-05-28 14:57:28, Info                  CSI    0000012a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:28, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:31, Info                  CSI    0000012d [SR] Verify complete
    2016-05-28 14:57:31, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:31, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:34, Info                  CSI    00000131 [SR] Verify complete
    2016-05-28 14:57:35, Info                  CSI    00000132 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:35, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:52, Info                  CSI    00000151 [SR] Verify complete
    2016-05-28 14:57:52, Info                  CSI    00000152 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:52, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:57:55, Info                  CSI    00000155 [SR] Verify complete
    2016-05-28 14:57:55, Info                  CSI    00000156 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:57:55, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:00, Info                  CSI    00000159 [SR] Verify complete
    2016-05-28 14:58:01, Info                  CSI    0000015a [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:01, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:06, Info                  CSI    0000015d [SR] Verify complete
    2016-05-28 14:58:07, Info                  CSI    0000015e [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:07, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:19, Info                  CSI    00000161 [SR] Verify complete
    2016-05-28 14:58:20, Info                  CSI    00000162 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:20, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:29, Info                  CSI    00000164 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"ir41_qcx.dll" from store
    2016-05-28 14:58:33, Info                  CSI    00000167 [SR] Verify complete
    2016-05-28 14:58:34, Info                  CSI    00000168 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:34, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:38, Info                  CSI    0000016b [SR] Verify complete
    2016-05-28 14:58:38, Info                  CSI    0000016c [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:38, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:48, Info                  CSI    0000016f [SR] Verify complete
    2016-05-28 14:58:49, Info                  CSI    00000170 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:49, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:58:54, Info                  CSI    00000173 [SR] Verify complete
    2016-05-28 14:58:54, Info                  CSI    00000174 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:58:54, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:59:01, Info                  CSI    00000177 [SR] Verify complete
    2016-05-28 14:59:01, Info                  CSI    00000178 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:59:01, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:59:18, Info                  CSI    00000195 [SR] Verify complete
    2016-05-28 14:59:18, Info                  CSI    00000196 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:59:18, Info                  CSI    00000197 [SR] Beginning Verify and Repair transaction
    2016-05-28 14:59:31, Info                  CSI    000001a2 [SR] Verify complete
    2016-05-28 14:59:32, Info                  CSI    000001a3 [SR] Verifying 100 (0x00000064) components
    2016-05-28 14:59:32, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:00:40, Info                  CSI    000001a6 [SR] Verify complete
    2016-05-28 15:00:40, Info                  CSI    000001a7 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:00:40, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:00:57, Info                  CSI    000001aa [SR] Verify complete
    2016-05-28 15:00:58, Info                  CSI    000001ab [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:00:58, Info                  CSI    000001ac [SR] Beginning Verify and Repair transaction
    2016-05-28 15:01:12, Info                  CSI    000001ae [SR] Verify complete
    2016-05-28 15:01:12, Info                  CSI    000001af [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:01:12, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:01:23, Info                  CSI    000001b2 [SR] Verify complete
    2016-05-28 15:01:24, Info                  CSI    000001b3 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:01:24, Info                  CSI    000001b4 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:01:33, Info                  CSI    000001b6 [SR] Verify complete
    2016-05-28 15:01:33, Info                  CSI    000001b7 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:01:33, Info                  CSI    000001b8 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:01:40, Info                  CSI    000001bb [SR] Verify complete
    2016-05-28 15:01:41, Info                  CSI    000001bc [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:01:41, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
    2016-05-28 15:01:46, Info                  CSI    000001bf [SR] Verify complete
    2016-05-28 15:01:47, Info                  CSI    000001c0 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:01:47, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:02:10, Info                  CSI    000001c3 [SR] Verify complete
    2016-05-28 15:02:11, Info                  CSI    000001c4 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:02:11, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:02:19, Info                  CSI    000001c7 [SR] Verify complete
    2016-05-28 15:02:20, Info                  CSI    000001c8 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:02:20, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:02:31, Info                  CSI    000001cb [SR] Verify complete
    2016-05-28 15:02:33, Info                  CSI    000001cc [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:02:33, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
    2016-05-28 15:02:38, Info                  CSI    000001cf [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2016-05-28 15:02:41, Info                  CSI    000001d1 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2016-05-28 15:02:41, Info                  CSI    000001d2 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
    2016-05-28 15:02:46, Info                  CSI    000001d4 [SR] Verify complete
    2016-05-28 15:02:47, Info                  CSI    000001d5 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:02:47, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:02:57, Info                  CSI    000001d8 [SR] Verify complete
    2016-05-28 15:02:58, Info                  CSI    000001d9 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:02:58, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
    2016-05-28 15:03:12, Info                  CSI    000001dc [SR] Verify complete
    2016-05-28 15:03:13, Info                  CSI    000001dd [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:03:13, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
    2016-05-28 15:03:33, Info                  CSI    000001e1 [SR] Verify complete
    2016-05-28 15:03:34, Info                  CSI    000001e2 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:03:34, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:03:41, Info                  CSI    000001e5 [SR] Verify complete
    2016-05-28 15:03:42, Info                  CSI    000001e6 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:03:42, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:03:51, Info                  CSI    000001e9 [SR] Verify complete
    2016-05-28 15:03:51, Info                  CSI    000001ea [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:03:51, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
    2016-05-28 15:04:00, Info                  CSI    000001ee [SR] Verify complete
    2016-05-28 15:04:00, Info                  CSI    000001ef [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:04:00, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:04:09, Info                  CSI    000001f1 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2016-05-28 15:04:09, Info                  CSI    000001f2 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2016-05-28 15:04:12, Info                  CSI    000001f6 [SR] Verify complete
    2016-05-28 15:04:12, Info                  CSI    000001f7 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:04:12, Info                  CSI    000001f8 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:04:23, Info                  CSI    000001fa [SR] Verify complete
    2016-05-28 15:04:23, Info                  CSI    000001fb [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:04:23, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
    2016-05-28 15:04:35, Info                  CSI    000001fe [SR] Verify complete
    2016-05-28 15:04:35, Info                  CSI    000001ff [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:04:35, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:04:38, Info                  CSI    00000202 [SR] Verify complete
    2016-05-28 15:04:42, Info                  CSI    00000203 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:04:42, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:04:50, Info                  CSI    00000206 [SR] Verify complete
    2016-05-28 15:04:51, Info                  CSI    00000207 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:04:51, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:01, Info                  CSI    0000020a [SR] Verify complete
    2016-05-28 15:05:01, Info                  CSI    0000020b [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:05:01, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:10, Info                  CSI    0000020e [SR] Verify complete
    2016-05-28 15:05:10, Info                  CSI    0000020f [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:05:10, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:30, Info                  CSI    00000212 [SR] Verify complete
    2016-05-28 15:05:30, Info                  CSI    00000213 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:05:30, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:36, Info                  CSI    00000216 [SR] Verify complete
    2016-05-28 15:05:36, Info                  CSI    00000217 [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:05:36, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:42, Info                  CSI    0000021a [SR] Verify complete
    2016-05-28 15:05:43, Info                  CSI    0000021b [SR] Verifying 100 (0x00000064) components
    2016-05-28 15:05:43, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:57, Info                  CSI    00000227 [SR] Verify complete
    2016-05-28 15:05:57, Info                  CSI    00000228 [SR] Verifying 35 (0x00000023) components
    2016-05-28 15:05:57, Info                  CSI    00000229 [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:59, Info                  CSI    0000022b [SR] Verify complete
    2016-05-28 15:05:59, Info                  CSI    0000022c [SR] Repairing 3 components
    2016-05-28 15:05:59, Info                  CSI    0000022d [SR] Beginning Verify and Repair transaction
    2016-05-28 15:05:59, Info                  CSI    0000022f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2016-05-28 15:05:59, Info                  CSI    00000230 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2016-05-28 15:05:59, Info                  CSI    00000231 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2016-05-28 15:05:59, Info                  CSI    00000233 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2016-05-28 15:05:59, Info                  CSI    00000234 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
    2016-05-28 15:05:59, Info                  CSI    00000235 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"ir41_qcx.dll" from store
    2016-05-28 15:05:59, Info                  CSI    00000237 [SR] Repair complete
    2016-05-28 15:06:00, Info                  CSI    00000238 [SR] Committing transaction
    2016-05-28 15:06:00, Info                  CSI    0000023c [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired

     


    • 0

    #6
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 28/05/2016 3:16:54 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 28/05/2016 5:42:12 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Log: 'System' Date/Time: 28/05/2016 5:42:04 PM
    Type: Error Category: 0
    Event: 10016 Source: Microsoft-Windows-DistributedCOM
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D215781D-019E-4FA0-903D-0CDCDE13A4F5}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Log: 'System' Date/Time: 28/05/2016 5:38:01 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 28/05/2016 5:42:29 PM
    Type: Warning Category: 0
    Event: 1003 Source: Microsoft-Windows-Dhcp-Client
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0017C422D0E2.  The following error occurred:  The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Log: 'System' Date/Time: 28/05/2016 5:41:30 PM
    Type: Warning Category: 0
    Event: 4 Source: b57nd60x
    Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 28/05/2016 5:39:20 PM
    Type: Warning Category: 0
    Event: 4 Source: b57nd60x
    Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 28/05/2016 5:38:24 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.


    • 0

    #7
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 28/05/2016 3:19:00 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 28/05/2016 5:42:14 PM
    Type: Warning Category: 0
    Event: 0 Source: AtBroker
    The event description cannot be found.

    Log: 'Application' Date/Time: 28/05/2016 5:42:06 PM
    Type: Warning Category: 0
    Event: 0 Source: AtBroker
    The event description cannot be found.

    Log: 'Application' Date/Time: 28/05/2016 5:42:06 PM
    Type: Warning Category: 0
    Event: 0 Source: AtBroker
    The event description cannot be found.

    Log: 'Application' Date/Time: 28/05/2016 5:42:06 PM
    Type: Warning Category: 0
    Event: 0 Source: AtBroker
    The event description cannot be found.

    Log: 'Application' Date/Time: 28/05/2016 5:42:03 PM
    Type: Warning Category: 0
    Event: 3 Source: SQLBrowser
    The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

    Log: 'Application' Date/Time: 28/05/2016 5:38:01 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-534116950-1332898044-2559044525-1003:
    Process 776 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-534116950-1332898044-2559044525-1003

     


    • 0

    #8
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    the post was too long. Hence the file attached, thanks

    Attached Files


    • 0

    #9
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    armsvc.exe  2,096 K 3,176 K 1960 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    audiodg.exe  15,696 K 13,644 K 1260 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
    BcmSqlStartupSvc.exe  976 K 2,924 K 1992 BCM SQL Startup Service Microsoft Corporation (Verified) Microsoft Corporation
    BR040286.exe  2,648 K 3,396 K 1116 USB PC Camera Bison Inc. (No signature was present in the subject) Bison Inc.
    conime.exe  1,292 K 4,168 K 2848 Console IME Microsoft Corporation (Verified) Microsoft Windows
    eDSLoader.exe  11,968 K 14,172 K 704 Acer eDataSecurity Management Loader Egis Incorporated (Verified) EGIS TECHNOLOGY INC.
    eDSService.exe  1,548 K 4,304 K 2012 Acer eDataSecurity Management Service Egis Incorporated (Verified) EGIS TECHNOLOGY INC.
    ehmsas.exe  1,564 K 4,820 K 1588 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
    ehtray.exe  1,804 K 2,644 K 4016 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
    FlashUtil32_21_0_0_242_ActiveX.exe  5,412 K 10,012 K 496 Adobe® Flash® Player Installer/Uninstaller 21.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
    hpwuschd2.exe  1,064 K 3,152 K 3220 hpwuSchd Application Hewlett-Packard (A certificate was explicitly revoked by its issuer) Hewlett-Packard
    IAAnotif.exe  1,528 K 4,020 K 4044 Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
    IAANTmon.exe  2,824 K 5,048 K 792 RAID Monitor Intel Corporation (Verified) Intel Corporation
    igfxext.exe  1,096 K 3,968 K 3708 igfxext Module Intel Corporation (Verified) Intel Corporation
    igfxpers.exe  1,540 K 4,792 K 3728 persistence Module Intel Corporation (Verified) Intel Corporation
    igfxsrvc.exe  1,372 K 4,032 K 1528 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
    igfxtray.exe  1,636 K 4,732 K 1360 igfxTray Module Intel Corporation (Verified) Intel Corporation
    LSSrvc.exe  1,036 K 3,036 K 996  Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
    MobilityService.exe  11,400 K 9,120 K 1464 app  (No signature was present in the subject)
    msseces.exe  6,076 K 8,976 K 3216 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
    NisSrv.exe  15,156 K 9,388 K 3328 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
    PDVDServ.exe  1,576 K 4,760 K 2792 PowerDVD RC Service Cyberlink Corp. (No signature was present in the subject) Cyberlink Corp.
    RtHDVCpl.exe  9,100 K 6,332 K 2404 HD Audio Control Panel Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
    RtkBtMnt.exe  2,624 K 3,972 K 3884 Realtek HD Audio Data Rerouter Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
    rundll32.exe  4,868 K 9,008 K 2208 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
    ScanToPCActivationApp.exe  3,064 K 7,924 K 3696 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
    services.exe  2,960 K 6,764 K 644 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    SLsvc.exe  6,092 K 4,412 K 1308 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
    smss.exe  288 K 720 K 424 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    sqlbrowser.exe  1,112 K 2,768 K 2288 SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
    sqlwriter.exe  3,744 K 4,836 K 2300 SQL Server VSS Writer Microsoft Corporation (Verified) Microsoft Corporation
    svchost.exe  2,148 K 4,532 K 1284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  2,240 K 5,168 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  580 K 2,192 K 2416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  1,840 K 68,296 K 5632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  5,328 K 7,372 K 2368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  12,744 K 11,864 K 1792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  8,924 K 12,848 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  3,264 K 6,708 K 856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SynTPStart.exe  1,680 K 5,076 K 1076 Synaptics Pointing Device starter Synaptics, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    taskeng.exe  2,008 K 5,940 K 3784 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    UnlockerAssistant.exe  1,240 K 3,492 K 3540   (No signature was present in the subject)
    unsecapp.exe  2,160 K 3,760 K 3168 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe  1,416 K 3,744 K 600 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe  2,256 K 5,212 K 744 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVC.EXE  5,928 K 7,816 K 2556 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    WLIDSVCM.EXE  888 K 2,520 K 2692 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    WmiPrvSE.exe  9,928 K 16,128 K 1816 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    eNet Service.exe < 0.01 15,140 K 11,496 K 12 acer eNet Management Service Acer Inc. (No signature was present in the subject) Acer Inc.
    capuserv.exe < 0.01 40,400 K 20,140 K 2856 Service  (No signature was present in the subject)
    Acer.Empowering.Framework.Supervisor.exe < 0.01 46,692 K 45,804 K 2756 Acer Empowering Techonology Framework Launcher Acer Inc. (No signature was present in the subject) Acer Inc.
    taskeng.exe < 0.01 9,584 K 9,976 K 3876 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    ePowerSvc.exe < 0.01 20,228 K 14,252 K 2644 WMIServi Application acer (No signature was present in the subject) acer
    svchost.exe < 0.01 20,332 K 15,116 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe < 0.01 1,856 K 5,336 K 556 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe < 0.01 2,116 K 3,796 K 668 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    XAudio.exe < 0.01 760 K 2,132 K 2824 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    iexplore.exe < 0.01 21,564 K 34,568 K 5400 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
    HP1006MC.EXE < 0.01 1,104 K 3,580 K 2496 SMLMProxy Module Software 2000 Limited (Verified) Microsoft Windows Hardware Compatibility Publisher
    WmiPrvSE.exe < 0.01 23,628 K 29,228 K 2928 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    hkcmd.exe < 0.01 1,896 K 4,892 K 2256 hkcmd Module Intel Corporation (Verified) Intel Corporation
    SearchIndexer.exe < 0.01 42,552 K 21,376 K 2800 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    eNMTray.exe < 0.01 29,108 K 24,336 K 2272 Acer eNet Tray Acer Inc. (No signature was present in the subject) Acer Inc.
    svchost.exe < 0.01 4,160 K 6,672 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe < 0.01 7,576 K 9,484 K 1760 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 109,808 K 115,500 K 1188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    lsass.exe < 0.01 5,232 K 9,420 K 656 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    LManager.exe < 0.01 10,440 K 6,768 K 2580 Acer Launch Manager Keyboard Application Dritek System Inc. (Verified) Dritek System Inc.
    HPNetworkCommunicator.exe < 0.01 3,516 K 7,172 K 7188 HPNetworkCommunicator Hewlett-Packard Co. (Verified) Hewlett Packard
    explorer.exe < 0.01 30,136 K 38,748 K 3852 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    iexplore.exe < 0.01 233,572 K 283,420 K 3584 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
    osk.exe < 0.01 1,396 K 4,636 K 7752 On-Screen Keyboard Microsoft Corporation (Verified) Microsoft Windows
    igfxsrvc.exe < 0.01 2,396 K 5,456 K 3504 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
    eLockServ.exe < 0.01 19,080 K 12,316 K 2032 Acer eLock Management Acer Inc. (No signature was present in the subject) Acer Inc.
    ePower_DMC.exe < 0.01 21,144 K 19,320 K 4356 Acer ePower Management DMC Acer Inc. (No signature was present in the subject) Acer Inc.
    System < 0.01 0 K 18,728 K 4   
    csrss.exe < 0.01 2,892 K 9,800 K 612 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    dwm.exe 0.76 37,000 K 44,112 K 3804 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    Interrupts 0.76 0 K 0 K n/a Hardware Interrupts and DPCs  
    MsMpEng.exe 0.76 113,808 K 107,632 K 968 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
    svchost.exe 0.76 16,424 K 12,900 K 1560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SynTPEnh.exe 2.27 2,200 K 4,864 K 2620 Synaptics TouchPad Enhancements Synaptics, Inc. (Verified) Synaptics Incorporated
    procexp.exe 5.30 22,876 K 34,752 K 6792 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    svchost.exe 35.61 97,984 K 98,928 K 1168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    System Idle Process 53.79 0 K 24 K 0   


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 21,458 posts
    • MVP

    Two main problems.

    This process is eating up too much CPU time.  This is the one at the bottom of the list just before System Idle in Process Explorer.

    svchost.exe 35.61 97,984 K 98,928 K 1168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

     

    If you hover over it you will get a list of services that ride on this svchost.exe.  What are they?

     

     

    Speccy says it is running hot:

     

    CPU

    Intel Pentium T2390 @ 1.86GHz 65 °C
    Merom 65nm Technology
    RAM
    3.00GB Dual-Channel DDR2 @ 266MHz (4-4-4-12)
    Motherboard
    Acer Columbia (U2E1) 74 °C
     
    We want to see the temps below 60.
     
    Make sure the PC is on a hard surface with nothing blocking the vents.   Usually this overheating is caused by dust clogging the heatsink.  What make and model number is the PC?
     
      See if you can get Speedfan to work:
     
     
    Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
     
    It will tell you your temps in real time.  

    • 0

    Advertisements


    #11
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    It is very difficult to tell the svhost as it keeps moving about.

     

    It is a laptop acer - extensa 5620z. It is usually on a hard surface, sometimes i lay it on the couch or bed.

     

    The core says 51 temp 1 & 2


    • 0

    #12
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    it says dcom server process launcher (Dcom launch) - hard to read


    • 0

    #13
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts

    plug & play

     

    those were the 2 items under the svhost


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 21,458 posts
    • MVP

    It's probably DCOMLaunch, PlugPlay & Power.  This is unusual.  Normally it's way down in the CPU usage list.  

     

    Click on the Process column header.  This will sort things by the Process name so they won't jump around.  Find the svchost.exe which has the high CPU usage which should still be your DCOMLaunch, PlugPlay & Power.  Directly under it you will see unsecapp.exe, wmiprvse.exe, prevhost.exe and probably a second wmiprvse.exe.  Right click on each and Suspend.  After each Suspend, check the CPU percentage for the svchost.exe.  We want to find the one that makes it drop to .something. 

     

    sometimes i lay it on the couch or bed.

     

     

    Never do that.  A soft surface will block the air vents on the bottom and cause it to overheat.  People have died when a laptop overheated and caught fire after they fell asleep with it on the bed.  If you must use it on a soft surface set it on a hard surface like a tray or even a big book.


    • 0

    #15
    puthu

    puthu

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 153 posts
    I think I made a boo boo, just suspended procexp.exe while suspending the list of other items u told me to, sorry . Now the program won't work at all. I took a snap shot before this happened.
    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP