Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Im unable to download the avast antivirus software [Solved]


  • This topic is locked This topic is locked

#1
puthu

puthu

    Member

  • Member
  • PipPipPip
  • 153 posts

Hello wonderful poeple,

 

I dont have an antivirus software, i had put up a topic a few weeks ago about malware byte wont update, that problem is fixed by the hardware forum. Now im having issues with downloading the MSE from avast free software, Can you please help ?

 

Thanks

Puthu


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Hello Puthu,

 

What do you mean by MSE?


  • 1

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Thank you for you PM.

 

So you mean Microsoft Security Essentials, why are you trying to download that from Avast?

 

Go to the link below to download MSE:

 

 

 


  • 0

#4
puthu

puthu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts

Hi

 

Finally, i get to reply to this post, awesome

 

So once again, i am typing the same message i sent you earlier on PM, Ive not been able to run the program after downloading, it just freezes half way through updating the program.

 

Thanks


  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Have you checked the date and time on your machine? If that is not correct you won't be able to load MSE.

 

Also, MSE doesn't like loading if there is another AV there. The old AV needs to be uninstalled first.


  • 0

#6
puthu

puthu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts

The date and time are aacurate. I uninstalle the old one completely and reinstalled the one you recommended. I have no other AV installed only the one you recommended. Its not running.


  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

 

I have no other AV installed only the one you recommended.

 

What recommendation are you referring to?

 

 

Its not running.

 

Let's have a look and see what we can find.
 
Now
 
Important - We ask that the tools we use be downloaded to your computers desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 


  • 0

#8
puthu

puthu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts

Thank you for helping me sir ! The recommendation i was referring to was : MSE

 

Here is the log as requested :

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2016
Ran by Allen (administrator) on ALLEN-PC (16-11-2016 11:12:38)
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Bison Inc.) C:\Windows\BR040286.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Realtek Semiconductor Corp.) C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [BisonInst0402] => C:\Windows\BR040286.exe [53248 2007-05-08] (Bison Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-07] (Dritek System Inc.)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer\Acer Registration\ACE1.exe [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-04-17] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Google Update] => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Facebook Update] => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-06] (Facebook Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1721192 2011-03-30] (Hewlett-Packard Co.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27020416 2016-10-09] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2008-03-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-10-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2016-11-15]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {E6F8E096-4836-47C0-8883-6A99317FB847} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files\TurboTax 2014\ic2014pp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\TomTom\HOME\Profiles\n73ldfb0.default [2014-11-24]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/O1DPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [829096 2007-10-29] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-26] (NewTech Infosystems, Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U0 Sr; no ImagePath
U2 SrService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 11:12 - 2016-11-16 11:13 - 00044803 _____ C:\Users\Allen\Desktop\FRST.txt
2016-11-16 11:12 - 2016-11-16 11:12 - 00000000 ____D C:\FRST
2016-11-16 11:10 - 2016-11-16 11:10 - 01760768 _____ (Farbar) C:\Users\Allen\Desktop\FRST.exe
2016-11-15 20:23 - 2016-11-15 20:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-15 20:23 - 2016-11-15 20:23 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-15 20:20 - 2016-11-15 20:20 - 11640664 _____ (Microsoft Corporation) C:\Users\Allen\Desktop\mseinstall.exe
2016-11-15 20:15 - 2016-11-15 20:15 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\Users\Allen\AppData\Local\{15DD86F3-D13B-4F72-B007-CAF4F21F6DD7}
2016-10-20 07:39 - 2016-10-20 07:39 - 00000000 ____D C:\Users\Allen\AppData\Local\{B2DB9628-F0D9-40CB-A7BB-591FB7841E42}
2016-10-17 17:57 - 2016-10-17 17:57 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 11:10 - 2008-03-26 04:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-16 11:09 - 2009-06-30 15:23 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-16 11:08 - 2015-06-02 14:17 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-11-16 11:08 - 2015-04-25 10:48 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-16 11:08 - 2014-09-24 13:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-16 11:08 - 2012-10-06 12:39 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-16 11:08 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-16 11:08 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-15 20:49 - 2016-05-04 13:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-15 20:34 - 2010-08-30 12:51 - 00484864 _____ C:\Users\Allen\Desktop\Logbook.xls
2016-11-15 20:33 - 2008-10-27 03:35 - 00002607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-11-15 20:33 - 2008-10-27 03:35 - 00002605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-11-15 20:29 - 2016-07-18 18:12 - 00000000 ____D C:\Users\Allen\Desktop\Multi pic log
2016-11-15 20:24 - 2012-03-10 07:39 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-15 20:22 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-11-15 20:22 - 2006-11-02 06:33 - 00860232 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-15 20:18 - 2010-07-11 22:22 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Skype
2016-11-15 20:17 - 2009-04-19 20:49 - 00000000 ____D C:\Users\Allen\Tracing
2016-11-15 20:15 - 2015-04-25 10:48 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 20:14 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 20:13 - 2006-11-02 09:01 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-15 20:12 - 2012-10-06 12:39 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-15 20:10 - 2016-06-01 23:06 - 00000000 ____D C:\Users\Allen\AppData\LocalLow\Adblock Plus for IE
2016-11-12 18:20 - 2009-06-30 15:23 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-10 21:13 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-11-08 22:01 - 2014-09-24 13:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 22:01 - 2014-09-24 13:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-26 16:29 - 2009-10-02 15:27 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-21 20:41 - 2012-07-14 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-17 18:00 - 2010-07-11 22:21 - 00000000 ____D C:\ProgramData\Skype
2016-10-17 17:57 - 2010-07-11 22:22 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2011-04-10 14:23 - 2011-04-10 14:23 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
2011-04-10 14:23 - 2011-06-19 21:14 - 0006733 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
2014-12-10 15:26 - 2014-12-10 15:26 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\pdfcompressor.ini
2008-11-13 01:28 - 2008-11-13 01:28 - 0024206 _____ () C:\Users\Allen\AppData\Roaming\UserTile.png
2012-02-19 19:43 - 2012-03-16 17:36 - 0000680 _____ () C:\Users\Allen\AppData\Local\d3d9caps.dat
2010-07-21 01:59 - 2016-08-27 19:27 - 0062464 _____ () C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 11:28 - 2015-06-02 11:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-11 22:23 - 2010-07-11 22:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Allen\AppData\Local\temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-15 20:24

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
Ran by Allen (16-11-2016 11:13:27)
Running from C:\Users\Allen\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-09-17 20:14:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-534116950-1332898044-2559044525-500 - Administrator - Disabled)
Allen (S-1-5-21-534116950-1332898044-2559044525-1003 - Administrator - Enabled) => C:\Users\Allen
ASPNET (S-1-5-21-534116950-1332898044-2559044525-1005 - Limited - Enabled)
Guest (S-1-5-21-534116950-1332898044-2559044525-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13d - Acer Crystal Eye)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.20 - Acer Crystal Eye Webcam)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP Photo Creations (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\HP Photo Creations) (Version: 1.0.0.18332 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MrvlUsgTracking (HKLM\...\{02C85EC5-E864-4847-AF55-42730861004C}) (Version: 1.0.0 - Marvell)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Extras (HKLM\...\Yahoo! Customizations) (Version:  - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1340E10F-6A32-40A5-AB16-57CC12318002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {18176CC6-1A9D-47F1-A26B-13910E7F909E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {1A4242C0-60C1-4610-A9FE-9D7141CE1931} - System32\Tasks\{99258A10-6B3B-429F-8C29-27D864D109A3} => C:\Program Files\Skype\Phone\Skype.exe [2016-10-09] (Skype Technologies S.A.)
Task: {26597DBB-F5CA-4CAA-B86E-BC0A98609B82} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-05-13] ()
Task: {2FA7A48B-76EB-49C5-857F-1258373A5860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3CF60298-04EC-49DC-BDF6-2B76712045AB} - System32\Tasks\{DF166A33-0B21-42D0-9A6C-D6935E90AB73} => pcalua.exe -a C:\PROGRA~1\SOFTON~1\UNWISE.EXE -c C:\PROGRA~1\SOFTON~1\INSTALL.LOG
Task: {499D5A06-9F22-447F-BCE9-4946F822C169} - System32\Tasks\{5CAFF5CB-CA6E-4A8F-9E7A-D47D6B66AE7E} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLFL9HM6\SetupFSCopilot16[1].exe" -d C:\Users\Allen
Task: {58AE6357-C600-41C8-A2E0-0B4DF5811076} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {645EA812-B73C-4E18-9181-34DB80502938} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {6AF0F6F3-A64E-4D6E-BFF1-D03992F2E9F9} - System32\Tasks\{858EA598-D309-4606-BEBC-70EF9403C894} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07L2HA66\SetupFSInn13B2_3[2].exe" -d C:\Users\Allen
Task: {714E4DED-E175-4C9D-831E-E337DC543BFC} - System32\Tasks\{D8721F9D-7F92-4077-B56D-66C255E56643} => pcalua.exe -a "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" -c REMOVE=TRUE MODIFY=FALSE
Task: {7DC317EB-164C-41F4-9D21-72EFD94806A7} - System32\Tasks\{6E5A1472-C989-48BA-8778-96025461C0AC} => pcalua.exe -a C:\Users\Allen\Desktop\VirtumundoBeGone.exe -d C:\Users\Allen\Desktop
Task: {89192796-C51B-456B-A050-D5E3C45A5D6D} - System32\Tasks\{D5FE861A-C79C-4D59-A538-F3923F67D2A2} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVZEMVG\SetupFSInn12[1].exe" -d C:\Users\Allen
Task: {BE22A2C9-84B7-40C2-80DB-4EE9515DCD3D} - System32\Tasks\{D785B799-7774-474C-96E6-0D20036729B1} => pcalua.exe -a "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!\eesi.exe" -d "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!"
Task: {C1EB9403-15B9-4A46-9032-A5525EF30E5F} - System32\Tasks\{F6F3960B-7566-4264-9DD1-908FEFD7C1D5} => pcalua.exe -a "C:\Program Files\FSFDT\uninstallFSCopilot.exe"
Task: {C261008A-2895-44B6-8146-9400682854F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C4DF8714-3D5B-4F78-AD03-1D5BCFEAFECD} - System32\Tasks\{262F4346-CCEC-4F15-B1D1-AB3419B87696} => pcalua.exe -a D:\setuppls.exe -d D:\ -c /AUTORUN
Task: {C9306C47-F213-4E0D-AE44-D5DBECC04F9C} - System32\Tasks\{88C44967-8EF0-4D52-9323-80C4B50F3543} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7KXWM6P\wmp11-windowsxp-x86-enu[1].exe" -d C:\Windows\system32
Task: {CE16C034-B03F-4132-8CD6-063422115D25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {D0F03E06-D15C-45B5-86C8-A93F58BBF3EC} - System32\Tasks\Microsoft\Windows\RestartManager\{9388B6A3-309E-4d7f-B8A8-B87168832CB9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {DBAB3616-414F-42C3-BD2F-79AC04CD09E3} - System32\Tasks\PDVDServ.EXE_1322400303 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2008-01-22] (Cyberlink Corp.)
Task: {F8E07DE8-CE5F-4FDC-951D-69BA2E61FBAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA8D32A9-622D-4C18-95C5-09B4106AD01C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {FCFA6D6A-FA88-4452-98C5-BFF7A63332CF} - System32\Tasks\{F39A87A9-2776-4442-96B8-82EFD761788E} => pcalua.exe -a "C:\Program Files\Microsoft Games\FS2002\FSUNINSTALL.EXE" -c /runtemp /addremove

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{81269CAB-AB40-4890-B356-37C309F68D20}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Allen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi10
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi11

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 16:27 - 2007-11-27 21:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-09-17 16:27 - 2007-11-27 18:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2011-03-30 17:19 - 2011-03-30 17:19 - 01841000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-09-17 16:26 - 2007-12-19 21:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2008-09-17 16:21 - 2007-09-20 17:01 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2008-01-03 05:00 - 2008-01-03 05:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-09-17 17:08 - 2003-06-07 17:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2008-03-26 04:23 - 2008-01-09 21:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2008-03-26 04:23 - 2008-01-09 21:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2008-09-17 16:22 - 2007-09-11 12:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2008-09-17 16:25 - 2007-12-20 16:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-09-17 16:23 - 2007-12-20 14:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2012-03-22 08:06 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{E01BE071-B00A-491D-BB6A-556CA52ABD35}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{47620D60-F3FA-4BF0-A495-1D203C176DA8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{74D7467A-EEFF-44B9-A907-702E9A129F00}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{48617D48-7F68-434D-8342-547FE235771E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{F2DDA02E-CD32-4E79-9071-6112EE455060}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{6BDC7595-0823-450D-B246-90610F59F8B5}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [{390E7292-8F7E-443E-8784-B7F50965A7B1}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{7D48202A-539A-4356-A2FE-88E5F9372552}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3947B629-6FBA-4962-8A79-545551BA0E0E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4C76D121-C306-41BD-A695-84DCCFF0828A}] => (Allow) svchost.exe
FirewallRules: [{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{396CE697-5AD3-422F-8E81-719CE1A61410}] => (Allow) LPort=2869
FirewallRules: [{BD673127-28AE-4D20-A67C-D13822D08483}] => (Allow) LPort=1900
FirewallRules: [{F5A2B141-767C-46A3-A4A6-13B3784D26B4}] => (Allow) LPort=80
FirewallRules: [{37753C3E-74FE-46F9-892F-61305A197DAD}] => (Allow) LPort=80
FirewallRules: [{F6688556-B806-4927-9655-8396D02B81D1}] => (Allow) LPort=80
FirewallRules: [{E4D2FBD9-ED9A-4925-9CDE-3BE742D85E47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58DCA8E1-C0CF-45B1-9030-C7D2468851DF}] => (Allow) C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{DA23D471-DD9A-49CD-977A-19F9E4072849}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{9D8F25DF-6FF0-4F70-863B-35223BF19B2F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe] => Enabled:eDStbmngr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe] => Enabled:eDStbmngr

==================== Restore Points =========================

19-01-2006 03:01:07 Windows Update
03-06-2016 19:43:44 Windows Update
03-06-2016 20:17:28 Windows Update
06-06-2016 19:25:06 Scheduled Checkpoint
08-06-2016 21:19:54 Windows Update
11-06-2016 09:51:56 Scheduled Checkpoint
15-06-2016 18:32:32 Windows Update
27-06-2016 21:43:22 Windows Update
27-06-2016 22:41:55 Windows Update
28-06-2016 20:54:50 Scheduled Checkpoint
03-07-2016 19:36:27 Windows Update
03-07-2016 20:45:54 Windows Update
05-07-2016 20:26:15 Scheduled Checkpoint
11-07-2016 23:05:29 Windows Update
12-07-2016 00:22:39 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 08:17:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16800 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 444
Start Time: 01d23f9e8cb20b68
Termination Time: 16

Error: (10/18/2016 08:50:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e217,
process id 0x15ec, application start time 0x01d2293e09d922b0.

Error: (10/18/2016 08:49:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x000101be,
process id 0x10f8, application start time 0x01d2293dc3487fd0.

Error: (10/18/2016 08:47:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000005, fault offset 0x000666c9,
process id 0xa30, application start time 0x01d2293da954e230.

Error: (10/18/2016 08:46:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e197,
process id 0x13b4, application start time 0x01d2293d8ebd05b0.

Error: (10/18/2016 08:45:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e197,
process id 0xdc8, application start time 0x01d2293d695bee30.

Error: (10/18/2016 08:44:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0001c3c5,
process id 0xb0c, application start time 0x01d2293d4e627950.

Error: (10/18/2016 08:44:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0001e0a0,
process id 0x142c, application start time 0x01d2293c6be303b0.

Error: (10/17/2016 08:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000005, fault offset 0x000666c9,
process id 0x1c8, application start time 0x01c61d4ca4482f80.

Error: (01/19/2006 07:00:19 PM) (Source: Google Update) (EventID: 20) (User: Allen-PC)
Description: Event-ID 20

System errors:
=============
Error: (11/15/2016 08:15:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/15/2016 08:14:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2016 08:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/10/2016 08:21:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2016 08:18:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.231.1506.0

 Update Source: Microsoft Update Server

 Update Stage: Search

 Source Path: http://www.microsoft.com

 Signature Type: AntiVirus

 Update Type: Full

 User: NT AUTHORITY\SYSTEM

 Current Engine Version:

 Previous Engine Version: 1.1.13202.0

 Error code: 0x8024001e

 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (11/10/2016 08:05:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/10/2016 08:05:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2016 08:30:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error: (11/09/2016 07:06:32 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.2.14 on the Network Card with network address 0017C422D0E2.

Error: (10/17/2016 09:47:27 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.2.14 on the Network Card with network address 0017C422D0E2.

CodeIntegrity:
===================================
  Date: 2016-11-15 21:04:01.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:59.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:58.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:56.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:54.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:53.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:51.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:50.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:48.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:46.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 67%
Total physical RAM: 3061.68 MB
Available physical RAM: 992.63 MB
Total Virtual: 7079.78 MB
Available Virtual: 4593.35 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:232.88 GB) (Free:158.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 059CAD89)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

FRST says MSE is enabled (which suggests that it is running) but that it hasn't been updated. Have you tried going to the MSE console, clicking on the Update tab and updating the definitions?
 

The recommendation i was referring to was : MSE


Yes but I am wondering why you said I had recommended it? Not that I don't think it is a sound AV. Far from it, it's simple to use and I do think it especially suits the less sophisticated user.

Moving on

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 


  • 0

#10
puthu

puthu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-11-2016 01
Ran by Allen (17-11-2016 10:09:57) Run:1
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5231647 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 47105917 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 65960 B
LocalService => 0 B
NetworkService => 232624673 B
Allen => 66612271 B

RecycleBin => 0 B
EmptyTemp: => 343.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 10:10:36 ====

 

I was recommended the aV by another member of G2G a while ago, since im just a less sophisticated user, lol so sorry for quoting that it was recommended by you. It was an oversight. I tried running the software by clickiing the update tab but it wouldnt work. it hangs, i will try again after this message.


  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I tried running the software by clickiing the update tab but it wouldnt work. it hangs, i will try again after this message.


When I look at the FRST log I do see some old components of MSE still there. That might be the problem. They should have gone with an uninstall but it seems they did not.
 
Things you can try:
 
I know you have already done these but sometimes it works second time around.
  • Check the date and time again: Right click the clock in the system tray. Select Adjust
    Date and Time.
    Verify and correct the month, day, year, hour, minutes and time zone.
    Reboot if you changed any of the above.
  • Uninstall MSE and download and install again.
After that if you still can't update, run another scan with FRST and post the results back here.
  • 0

#12
puthu

puthu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts

I tried the above, still not updating. Dates and timings are good.

 

here is the results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2016
Ran by Allen (administrator) on ALLEN-PC (18-11-2016 10:56:33)
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Bison Inc.) C:\Windows\BR040286.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Facebook Inc.) C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Realtek Semiconductor Corp.) C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [BisonInst0402] => C:\Windows\BR040286.exe [53248 2007-05-08] (Bison Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-07] (Dritek System Inc.)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer\Acer Registration\ACE1.exe [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-04-17] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Google Update] => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Facebook Update] => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-06] (Facebook Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1721192 2011-03-30] (Hewlett-Packard Co.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27020416 2016-10-09] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2008-03-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-10-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2016-11-18]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {E6F8E096-4836-47C0-8883-6A99317FB847} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files\TurboTax 2014\ic2014pp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\TomTom\HOME\Profiles\n73ldfb0.default [2014-11-24]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/O1DPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [829096 2007-10-29] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-26] (NewTech Infosystems, Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U0 Sr; no ImagePath
U2 SrService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 10:56 - 2016-11-18 10:58 - 00044867 _____ C:\Users\Allen\Desktop\FRST.txt
2016-11-18 10:51 - 2016-11-18 10:51 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-18 10:51 - 2016-11-18 10:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-18 10:48 - 2016-11-18 10:52 - 00000000 ____D C:\a2289cf9ca804e2270dd6e
2016-11-18 10:48 - 2016-11-18 10:48 - 11640664 _____ (Microsoft Corporation) C:\Users\Allen\Desktop\mseinstall.exe
2016-11-18 10:44 - 2016-11-18 10:44 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2016-11-18 10:31 - 2016-11-18 10:31 - 00000000 ____D C:\Users\Allen\AppData\Local\{9B73FD05-BAE5-4287-994D-520539A9AE49}
2016-11-17 10:09 - 2016-11-18 10:55 - 00000000 ____D C:\Users\Allen\Desktop\FRST-OlderVersion
2016-11-17 10:09 - 2016-11-17 10:10 - 00002856 _____ C:\Users\Allen\Desktop\Fixlog.txt
2016-11-16 11:13 - 2016-11-16 11:15 - 00048329 _____ C:\Users\Allen\Desktop\Addition.txt
2016-11-16 11:12 - 2016-11-18 10:56 - 00000000 ____D C:\FRST
2016-11-16 11:10 - 2016-11-18 10:55 - 01761280 _____ (Farbar) C:\Users\Allen\Desktop\FRST.exe
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\Users\Allen\AppData\Local\{15DD86F3-D13B-4F72-B007-CAF4F21F6DD7}
2016-10-20 07:39 - 2016-10-20 07:39 - 00000000 ____D C:\Users\Allen\AppData\Local\{B2DB9628-F0D9-40CB-A7BB-591FB7841E42}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 10:53 - 2008-03-26 04:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-18 10:52 - 2012-03-10 07:39 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-18 10:51 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-11-18 10:51 - 2006-11-02 06:33 - 00860232 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 10:46 - 2010-07-11 22:22 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Skype
2016-11-18 10:45 - 2009-04-19 20:49 - 00000000 ____D C:\Users\Allen\Tracing
2016-11-18 10:44 - 2015-04-25 10:48 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-18 10:44 - 2012-10-06 12:39 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-18 10:43 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-18 10:43 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 10:43 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 10:42 - 2006-11-02 09:01 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-18 10:38 - 2016-06-01 23:06 - 00000000 ____D C:\Users\Allen\AppData\LocalLow\Adblock Plus for IE
2016-11-18 10:29 - 2015-06-02 14:17 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-11-18 10:20 - 2015-04-25 10:48 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-18 10:20 - 2009-06-30 15:23 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-18 10:01 - 2014-09-24 13:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-18 08:38 - 2010-08-30 12:51 - 00485888 _____ C:\Users\Allen\Desktop\Logbook.xls
2016-11-18 08:35 - 2008-10-27 03:35 - 00002605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-11-18 08:34 - 2008-10-27 03:35 - 00002607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-11-18 08:33 - 2016-07-18 18:12 - 00000000 ____D C:\Users\Allen\Desktop\Multi pic log
2016-11-17 18:20 - 2009-06-30 15:23 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-17 13:44 - 2012-10-06 12:39 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-15 20:49 - 2016-05-04 13:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-10 21:13 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-11-08 22:01 - 2014-09-24 13:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 22:01 - 2014-09-24 13:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-27 17:37 - 2009-10-02 15:27 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-21 20:41 - 2012-07-14 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2011-04-10 14:23 - 2011-04-10 14:23 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
2011-04-10 14:23 - 2011-06-19 21:14 - 0006733 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
2014-12-10 15:26 - 2014-12-10 15:26 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\pdfcompressor.ini
2008-11-13 01:28 - 2008-11-13 01:28 - 0024206 _____ () C:\Users\Allen\AppData\Roaming\UserTile.png
2012-02-19 19:43 - 2012-03-16 17:36 - 0000680 _____ () C:\Users\Allen\AppData\Local\d3d9caps.dat
2010-07-21 01:59 - 2016-08-27 19:27 - 0062464 _____ () C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 11:28 - 2015-06-02 11:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-11 22:23 - 2010-07-11 22:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-18 10:51

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2016
Ran by Allen (18-11-2016 10:59:19)
Running from C:\Users\Allen\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-09-17 20:14:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-534116950-1332898044-2559044525-500 - Administrator - Disabled)
Allen (S-1-5-21-534116950-1332898044-2559044525-1003 - Administrator - Enabled) => C:\Users\Allen
ASPNET (S-1-5-21-534116950-1332898044-2559044525-1005 - Limited - Enabled)
Guest (S-1-5-21-534116950-1332898044-2559044525-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13d - Acer Crystal Eye)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.20 - Acer Crystal Eye Webcam)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP Photo Creations (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\HP Photo Creations) (Version: 1.0.0.18332 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MrvlUsgTracking (HKLM\...\{02C85EC5-E864-4847-AF55-42730861004C}) (Version: 1.0.0 - Marvell)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Extras (HKLM\...\Yahoo! Customizations) (Version:  - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1340E10F-6A32-40A5-AB16-57CC12318002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {18176CC6-1A9D-47F1-A26B-13910E7F909E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {1A4242C0-60C1-4610-A9FE-9D7141CE1931} - System32\Tasks\{99258A10-6B3B-429F-8C29-27D864D109A3} => C:\Program Files\Skype\Phone\Skype.exe [2016-10-09] (Skype Technologies S.A.)
Task: {26597DBB-F5CA-4CAA-B86E-BC0A98609B82} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-05-13] ()
Task: {2FA7A48B-76EB-49C5-857F-1258373A5860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3CF60298-04EC-49DC-BDF6-2B76712045AB} - System32\Tasks\{DF166A33-0B21-42D0-9A6C-D6935E90AB73} => pcalua.exe -a C:\PROGRA~1\SOFTON~1\UNWISE.EXE -c C:\PROGRA~1\SOFTON~1\INSTALL.LOG
Task: {499D5A06-9F22-447F-BCE9-4946F822C169} - System32\Tasks\{5CAFF5CB-CA6E-4A8F-9E7A-D47D6B66AE7E} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLFL9HM6\SetupFSCopilot16[1].exe" -d C:\Users\Allen
Task: {58AE6357-C600-41C8-A2E0-0B4DF5811076} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {645EA812-B73C-4E18-9181-34DB80502938} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {6AF0F6F3-A64E-4D6E-BFF1-D03992F2E9F9} - System32\Tasks\{858EA598-D309-4606-BEBC-70EF9403C894} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07L2HA66\SetupFSInn13B2_3[2].exe" -d C:\Users\Allen
Task: {714E4DED-E175-4C9D-831E-E337DC543BFC} - System32\Tasks\{D8721F9D-7F92-4077-B56D-66C255E56643} => pcalua.exe -a "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" -c REMOVE=TRUE MODIFY=FALSE
Task: {7DC317EB-164C-41F4-9D21-72EFD94806A7} - System32\Tasks\{6E5A1472-C989-48BA-8778-96025461C0AC} => pcalua.exe -a C:\Users\Allen\Desktop\VirtumundoBeGone.exe -d C:\Users\Allen\Desktop
Task: {89192796-C51B-456B-A050-D5E3C45A5D6D} - System32\Tasks\{D5FE861A-C79C-4D59-A538-F3923F67D2A2} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVZEMVG\SetupFSInn12[1].exe" -d C:\Users\Allen
Task: {BE22A2C9-84B7-40C2-80DB-4EE9515DCD3D} - System32\Tasks\{D785B799-7774-474C-96E6-0D20036729B1} => pcalua.exe -a "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!\eesi.exe" -d "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!"
Task: {C1EB9403-15B9-4A46-9032-A5525EF30E5F} - System32\Tasks\{F6F3960B-7566-4264-9DD1-908FEFD7C1D5} => pcalua.exe -a "C:\Program Files\FSFDT\uninstallFSCopilot.exe"
Task: {C261008A-2895-44B6-8146-9400682854F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C4DF8714-3D5B-4F78-AD03-1D5BCFEAFECD} - System32\Tasks\{262F4346-CCEC-4F15-B1D1-AB3419B87696} => pcalua.exe -a D:\setuppls.exe -d D:\ -c /AUTORUN
Task: {C9306C47-F213-4E0D-AE44-D5DBECC04F9C} - System32\Tasks\{88C44967-8EF0-4D52-9323-80C4B50F3543} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7KXWM6P\wmp11-windowsxp-x86-enu[1].exe" -d C:\Windows\system32
Task: {CE16C034-B03F-4132-8CD6-063422115D25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {D0F03E06-D15C-45B5-86C8-A93F58BBF3EC} - System32\Tasks\Microsoft\Windows\RestartManager\{9388B6A3-309E-4d7f-B8A8-B87168832CB9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {DBAB3616-414F-42C3-BD2F-79AC04CD09E3} - System32\Tasks\PDVDServ.EXE_1322400303 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2008-01-22] (Cyberlink Corp.)
Task: {F8E07DE8-CE5F-4FDC-951D-69BA2E61FBAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA8D32A9-622D-4C18-95C5-09B4106AD01C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {FCFA6D6A-FA88-4452-98C5-BFF7A63332CF} - System32\Tasks\{F39A87A9-2776-4442-96B8-82EFD761788E} => pcalua.exe -a "C:\Program Files\Microsoft Games\FS2002\FSUNINSTALL.EXE" -c /runtemp /addremove

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{81269CAB-AB40-4890-B356-37C309F68D20}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Allen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi10
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi11

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 16:27 - 2007-11-27 21:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-09-17 16:27 - 2007-11-27 18:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2011-03-30 17:19 - 2011-03-30 17:19 - 01841000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-09-17 16:26 - 2007-12-19 21:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2008-09-17 16:21 - 2007-09-20 17:01 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2008-01-03 05:00 - 2008-01-03 05:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-09-17 17:08 - 2003-06-07 17:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2008-03-26 04:23 - 2008-01-09 21:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2008-03-26 04:23 - 2008-01-09 21:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2008-09-17 16:22 - 2007-09-11 12:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2008-09-17 16:25 - 2007-12-20 16:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-09-17 16:23 - 2007-12-20 14:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2012-03-22 08:06 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{E01BE071-B00A-491D-BB6A-556CA52ABD35}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{47620D60-F3FA-4BF0-A495-1D203C176DA8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{74D7467A-EEFF-44B9-A907-702E9A129F00}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{48617D48-7F68-434D-8342-547FE235771E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{F2DDA02E-CD32-4E79-9071-6112EE455060}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{6BDC7595-0823-450D-B246-90610F59F8B5}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [{390E7292-8F7E-443E-8784-B7F50965A7B1}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{7D48202A-539A-4356-A2FE-88E5F9372552}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3947B629-6FBA-4962-8A79-545551BA0E0E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4C76D121-C306-41BD-A695-84DCCFF0828A}] => (Allow) svchost.exe
FirewallRules: [{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{396CE697-5AD3-422F-8E81-719CE1A61410}] => (Allow) LPort=2869
FirewallRules: [{BD673127-28AE-4D20-A67C-D13822D08483}] => (Allow) LPort=1900
FirewallRules: [{F5A2B141-767C-46A3-A4A6-13B3784D26B4}] => (Allow) LPort=80
FirewallRules: [{37753C3E-74FE-46F9-892F-61305A197DAD}] => (Allow) LPort=80
FirewallRules: [{F6688556-B806-4927-9655-8396D02B81D1}] => (Allow) LPort=80
FirewallRules: [{E4D2FBD9-ED9A-4925-9CDE-3BE742D85E47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58DCA8E1-C0CF-45B1-9030-C7D2468851DF}] => (Allow) C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{DA23D471-DD9A-49CD-977A-19F9E4072849}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{9D8F25DF-6FF0-4F70-863B-35223BF19B2F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe] => Enabled:eDStbmngr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe] => Enabled:eDStbmngr

==================== Restore Points =========================

19-01-2006 03:01:07 Windows Update
03-06-2016 19:43:44 Windows Update
03-06-2016 20:17:28 Windows Update
06-06-2016 19:25:06 Scheduled Checkpoint
08-06-2016 21:19:54 Windows Update
11-06-2016 09:51:56 Scheduled Checkpoint
15-06-2016 18:32:32 Windows Update
27-06-2016 21:43:22 Windows Update
27-06-2016 22:41:55 Windows Update
28-06-2016 20:54:50 Scheduled Checkpoint
03-07-2016 19:36:27 Windows Update
03-07-2016 20:45:54 Windows Update
05-07-2016 20:26:15 Scheduled Checkpoint
11-07-2016 23:05:29 Windows Update
12-07-2016 00:22:39 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 08:17:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16800 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 444
Start Time: 01d23f9e8cb20b68
Termination Time: 16

Error: (10/18/2016 08:50:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e217,
process id 0x15ec, application start time 0x01d2293e09d922b0.

Error: (10/18/2016 08:49:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x000101be,
process id 0x10f8, application start time 0x01d2293dc3487fd0.

Error: (10/18/2016 08:47:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000005, fault offset 0x000666c9,
process id 0xa30, application start time 0x01d2293da954e230.

Error: (10/18/2016 08:46:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e197,
process id 0x13b4, application start time 0x01d2293d8ebd05b0.

Error: (10/18/2016 08:45:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e197,
process id 0xdc8, application start time 0x01d2293d695bee30.

Error: (10/18/2016 08:44:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0001c3c5,
process id 0xb0c, application start time 0x01d2293d4e627950.

Error: (10/18/2016 08:44:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0001e0a0,
process id 0x142c, application start time 0x01d2293c6be303b0.

Error: (10/17/2016 08:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000005, fault offset 0x000666c9,
process id 0x1c8, application start time 0x01c61d4ca4482f80.

Error: (01/19/2006 07:00:19 PM) (Source: Google Update) (EventID: 20) (User: Allen-PC)
Description: Event-ID 20

System errors:
=============
Error: (11/18/2016 10:43:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2016 10:43:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/18/2016 10:29:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2016 10:29:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/17/2016 10:28:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version:

 Update Source: User

 Update Stage: Install

 Source Path:

 Signature Type:

 Update Type:

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version:

 Error code: 0x80070652

 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (11/17/2016 10:28:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 0.0.0.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Install

 Source Path: http://go.microsoft....5D-99752CCA7094

 Signature Type: AntiSpyware

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 0.0.0.0

 Error code: 0x80070652

 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (11/17/2016 10:28:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 0.0.0.0

 Update Source: Microsoft Malware Protection Center

 Update Stage: Install

 Source Path: http://go.microsoft....5D-99752CCA7094

 Signature Type: AntiVirus

 Update Type: Full

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version: 0.0.0.0

 Error code: 0x80070652

 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (11/17/2016 10:28:10 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version:

 Update Source: User

 Update Stage: Install

 Source Path:

 Signature Type:

 Update Type:

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version:

 Previous Engine Version:

 Error code: 0x80070652

 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (11/17/2016 10:15:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (11/17/2016 10:12:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
  Date: 2016-11-15 21:04:01.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:59.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:58.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:56.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:54.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:53.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:51.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:50.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:48.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:46.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 79%
Total physical RAM: 3061.68 MB
Available physical RAM: 634.03 MB
Total Virtual: 7085.75 MB
Available Virtual: 4436.06 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:232.88 GB) (Free:158.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 059CAD89)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Okay, I am still seeing the old MSE registry entry.

 

Let's try uninstalling MSE again, running a FRST scan and then removing any the old registry entry. After that you can download a fresh version and reinstall.

 

So, please uninstall MSE and run a fresh FRST scan. Post the log back here. I will prepare a fix to remove the entry for you. In the meantime, do not use the internet except to post here. :)


  • 0

#14
puthu

puthu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2016
Ran by Allen (administrator) on ALLEN-PC (19-11-2016 08:47:27)
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Bison Inc.) C:\Windows\BR040286.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [BisonInst0402] => C:\Windows\BR040286.exe [53248 2007-05-08] (Bison Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-07] (Dritek System Inc.)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer\Acer Registration\ACE1.exe [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-04-17] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Google Update] => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Facebook Update] => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-06] (Facebook Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1721192 2011-03-30] (Hewlett-Packard Co.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27020416 2016-10-09] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2008-03-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-10-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2016-11-19]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {E6F8E096-4836-47C0-8883-6A99317FB847} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files\TurboTax 2014\ic2014pp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\TomTom\HOME\Profiles\n73ldfb0.default [2014-11-24]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/O1DPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [829096 2007-10-29] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-26] (NewTech Infosystems, Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U0 Sr; no ImagePath
U2 SrService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-19 08:46 - 2016-11-19 08:46 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2016-11-18 10:56 - 2016-11-19 08:49 - 00043911 _____ C:\Users\Allen\Desktop\FRST.txt
2016-11-18 10:31 - 2016-11-18 10:31 - 00000000 ____D C:\Users\Allen\AppData\Local\{9B73FD05-BAE5-4287-994D-520539A9AE49}
2016-11-17 10:09 - 2016-11-19 08:40 - 00000000 ____D C:\Users\Allen\Desktop\FRST-OlderVersion
2016-11-17 10:09 - 2016-11-17 10:10 - 00002856 _____ C:\Users\Allen\Desktop\Fixlog.txt
2016-11-16 11:13 - 2016-11-19 08:41 - 00049633 _____ C:\Users\Allen\Desktop\Addition.txt
2016-11-16 11:12 - 2016-11-19 08:47 - 00000000 ____D C:\FRST
2016-11-16 11:10 - 2016-11-19 08:40 - 01762304 _____ (Farbar) C:\Users\Allen\Desktop\FRST.exe
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\Users\Allen\AppData\Local\{15DD86F3-D13B-4F72-B007-CAF4F21F6DD7}
2016-10-20 07:39 - 2016-10-20 07:39 - 00000000 ____D C:\Users\Allen\AppData\Local\{B2DB9628-F0D9-40CB-A7BB-591FB7841E42}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-19 08:48 - 2010-07-11 22:22 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Skype
2016-11-19 08:47 - 2009-04-19 20:49 - 00000000 ____D C:\Users\Allen\Tracing
2016-11-19 08:46 - 2015-04-25 10:48 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-19 08:45 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-19 08:45 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-19 08:45 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-19 08:44 - 2006-11-02 09:01 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-19 08:43 - 2009-06-30 15:23 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-19 08:42 - 2012-03-10 07:39 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-19 08:40 - 2015-04-25 10:48 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-19 08:40 - 2009-06-30 15:23 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-19 08:39 - 2015-06-02 14:17 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-11-19 08:39 - 2014-09-24 13:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-19 08:39 - 2012-10-06 12:39 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-18 15:43 - 2008-03-26 04:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-18 15:33 - 2012-10-06 12:39 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-18 10:51 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-11-18 10:51 - 2006-11-02 06:33 - 00860232 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 10:38 - 2016-06-01 23:06 - 00000000 ____D C:\Users\Allen\AppData\LocalLow\Adblock Plus for IE
2016-11-18 08:38 - 2010-08-30 12:51 - 00485888 _____ C:\Users\Allen\Desktop\Logbook.xls
2016-11-18 08:35 - 2008-10-27 03:35 - 00002605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-11-18 08:34 - 2008-10-27 03:35 - 00002607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-11-18 08:33 - 2016-07-18 18:12 - 00000000 ____D C:\Users\Allen\Desktop\Multi pic log
2016-11-15 20:49 - 2016-05-04 13:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-10 21:13 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-11-08 22:01 - 2014-09-24 13:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 22:01 - 2014-09-24 13:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-27 17:37 - 2009-10-02 15:27 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-21 20:41 - 2012-07-14 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2011-04-10 14:23 - 2011-04-10 14:23 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
2011-04-10 14:23 - 2011-06-19 21:14 - 0006733 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
2014-12-10 15:26 - 2014-12-10 15:26 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\pdfcompressor.ini
2008-11-13 01:28 - 2008-11-13 01:28 - 0024206 _____ () C:\Users\Allen\AppData\Roaming\UserTile.png
2012-02-19 19:43 - 2012-03-16 17:36 - 0000680 _____ () C:\Users\Allen\AppData\Local\d3d9caps.dat
2010-07-21 01:59 - 2016-08-27 19:27 - 0062464 _____ () C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 11:28 - 2015-06-02 11:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-11 22:23 - 2010-07-11 22:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-19 08:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2016
Ran by Allen (19-11-2016 08:49:58)
Running from C:\Users\Allen\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-09-17 20:14:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-534116950-1332898044-2559044525-500 - Administrator - Disabled)
Allen (S-1-5-21-534116950-1332898044-2559044525-1003 - Administrator - Enabled) => C:\Users\Allen
ASPNET (S-1-5-21-534116950-1332898044-2559044525-1005 - Limited - Enabled)
Guest (S-1-5-21-534116950-1332898044-2559044525-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13d - Acer Crystal Eye)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.20 - Acer Crystal Eye Webcam)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP Photo Creations (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\HP Photo Creations) (Version: 1.0.0.18332 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MrvlUsgTracking (HKLM\...\{02C85EC5-E864-4847-AF55-42730861004C}) (Version: 1.0.0 - Marvell)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Extras (HKLM\...\Yahoo! Customizations) (Version:  - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1340E10F-6A32-40A5-AB16-57CC12318002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {18176CC6-1A9D-47F1-A26B-13910E7F909E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {1A4242C0-60C1-4610-A9FE-9D7141CE1931} - System32\Tasks\{99258A10-6B3B-429F-8C29-27D864D109A3} => C:\Program Files\Skype\Phone\Skype.exe [2016-10-09] (Skype Technologies S.A.)
Task: {26597DBB-F5CA-4CAA-B86E-BC0A98609B82} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-05-13] ()
Task: {2FA7A48B-76EB-49C5-857F-1258373A5860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3CF60298-04EC-49DC-BDF6-2B76712045AB} - System32\Tasks\{DF166A33-0B21-42D0-9A6C-D6935E90AB73} => pcalua.exe -a C:\PROGRA~1\SOFTON~1\UNWISE.EXE -c C:\PROGRA~1\SOFTON~1\INSTALL.LOG
Task: {499D5A06-9F22-447F-BCE9-4946F822C169} - System32\Tasks\{5CAFF5CB-CA6E-4A8F-9E7A-D47D6B66AE7E} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLFL9HM6\SetupFSCopilot16[1].exe" -d C:\Users\Allen
Task: {58AE6357-C600-41C8-A2E0-0B4DF5811076} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {645EA812-B73C-4E18-9181-34DB80502938} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {6AF0F6F3-A64E-4D6E-BFF1-D03992F2E9F9} - System32\Tasks\{858EA598-D309-4606-BEBC-70EF9403C894} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07L2HA66\SetupFSInn13B2_3[2].exe" -d C:\Users\Allen
Task: {714E4DED-E175-4C9D-831E-E337DC543BFC} - System32\Tasks\{D8721F9D-7F92-4077-B56D-66C255E56643} => pcalua.exe -a "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" -c REMOVE=TRUE MODIFY=FALSE
Task: {7DC317EB-164C-41F4-9D21-72EFD94806A7} - System32\Tasks\{6E5A1472-C989-48BA-8778-96025461C0AC} => pcalua.exe -a C:\Users\Allen\Desktop\VirtumundoBeGone.exe -d C:\Users\Allen\Desktop
Task: {89192796-C51B-456B-A050-D5E3C45A5D6D} - System32\Tasks\{D5FE861A-C79C-4D59-A538-F3923F67D2A2} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVZEMVG\SetupFSInn12[1].exe" -d C:\Users\Allen
Task: {BE22A2C9-84B7-40C2-80DB-4EE9515DCD3D} - System32\Tasks\{D785B799-7774-474C-96E6-0D20036729B1} => pcalua.exe -a "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!\eesi.exe" -d "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!"
Task: {C1EB9403-15B9-4A46-9032-A5525EF30E5F} - System32\Tasks\{F6F3960B-7566-4264-9DD1-908FEFD7C1D5} => pcalua.exe -a "C:\Program Files\FSFDT\uninstallFSCopilot.exe"
Task: {C261008A-2895-44B6-8146-9400682854F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C4DF8714-3D5B-4F78-AD03-1D5BCFEAFECD} - System32\Tasks\{262F4346-CCEC-4F15-B1D1-AB3419B87696} => pcalua.exe -a D:\setuppls.exe -d D:\ -c /AUTORUN
Task: {C9306C47-F213-4E0D-AE44-D5DBECC04F9C} - System32\Tasks\{88C44967-8EF0-4D52-9323-80C4B50F3543} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7KXWM6P\wmp11-windowsxp-x86-enu[1].exe" -d C:\Windows\system32
Task: {CE16C034-B03F-4132-8CD6-063422115D25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {D0F03E06-D15C-45B5-86C8-A93F58BBF3EC} - System32\Tasks\Microsoft\Windows\RestartManager\{9388B6A3-309E-4d7f-B8A8-B87168832CB9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {DBAB3616-414F-42C3-BD2F-79AC04CD09E3} - System32\Tasks\PDVDServ.EXE_1322400303 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2008-01-22] (Cyberlink Corp.)
Task: {F8E07DE8-CE5F-4FDC-951D-69BA2E61FBAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA8D32A9-622D-4C18-95C5-09B4106AD01C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {FCFA6D6A-FA88-4452-98C5-BFF7A63332CF} - System32\Tasks\{F39A87A9-2776-4442-96B8-82EFD761788E} => pcalua.exe -a "C:\Program Files\Microsoft Games\FS2002\FSUNINSTALL.EXE" -c /runtemp /addremove

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{81269CAB-AB40-4890-B356-37C309F68D20}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Allen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi10
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi11

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 16:27 - 2007-11-27 21:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-09-17 16:27 - 2007-11-27 18:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2011-03-30 17:19 - 2011-03-30 17:19 - 01841000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-09-17 16:26 - 2007-12-19 21:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:21 - 2007-09-20 17:01 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2008-01-03 05:00 - 2008-01-03 05:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-09-17 17:08 - 2003-06-07 17:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2008-03-26 04:23 - 2008-01-09 21:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2008-03-26 04:23 - 2008-01-09 21:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2008-09-17 16:22 - 2007-09-11 12:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2008-09-17 16:25 - 2007-12-20 16:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-09-17 16:23 - 2007-12-20 14:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2012-03-22 08:06 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{E01BE071-B00A-491D-BB6A-556CA52ABD35}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{47620D60-F3FA-4BF0-A495-1D203C176DA8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{74D7467A-EEFF-44B9-A907-702E9A129F00}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{48617D48-7F68-434D-8342-547FE235771E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{F2DDA02E-CD32-4E79-9071-6112EE455060}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{6BDC7595-0823-450D-B246-90610F59F8B5}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [{390E7292-8F7E-443E-8784-B7F50965A7B1}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{7D48202A-539A-4356-A2FE-88E5F9372552}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3947B629-6FBA-4962-8A79-545551BA0E0E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4C76D121-C306-41BD-A695-84DCCFF0828A}] => (Allow) svchost.exe
FirewallRules: [{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{396CE697-5AD3-422F-8E81-719CE1A61410}] => (Allow) LPort=2869
FirewallRules: [{BD673127-28AE-4D20-A67C-D13822D08483}] => (Allow) LPort=1900
FirewallRules: [{F5A2B141-767C-46A3-A4A6-13B3784D26B4}] => (Allow) LPort=80
FirewallRules: [{37753C3E-74FE-46F9-892F-61305A197DAD}] => (Allow) LPort=80
FirewallRules: [{F6688556-B806-4927-9655-8396D02B81D1}] => (Allow) LPort=80
FirewallRules: [{E4D2FBD9-ED9A-4925-9CDE-3BE742D85E47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58DCA8E1-C0CF-45B1-9030-C7D2468851DF}] => (Allow) C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{DA23D471-DD9A-49CD-977A-19F9E4072849}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{9D8F25DF-6FF0-4F70-863B-35223BF19B2F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe] => Enabled:eDStbmngr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe] => Enabled:eDStbmngr

==================== Restore Points =========================

19-01-2006 03:01:07 Windows Update
03-06-2016 19:43:44 Windows Update
03-06-2016 20:17:28 Windows Update
06-06-2016 19:25:06 Scheduled Checkpoint
08-06-2016 21:19:54 Windows Update
11-06-2016 09:51:56 Scheduled Checkpoint
15-06-2016 18:32:32 Windows Update
27-06-2016 21:43:22 Windows Update
27-06-2016 22:41:55 Windows Update
28-06-2016 20:54:50 Scheduled Checkpoint
03-07-2016 19:36:27 Windows Update
03-07-2016 20:45:54 Windows Update
05-07-2016 20:26:15 Scheduled Checkpoint
11-07-2016 23:05:29 Windows Update
12-07-2016 00:22:39 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 08:17:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16800 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 444
Start Time: 01d23f9e8cb20b68
Termination Time: 16

Error: (10/18/2016 08:50:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e217,
process id 0x15ec, application start time 0x01d2293e09d922b0.

Error: (10/18/2016 08:49:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x000101be,
process id 0x10f8, application start time 0x01d2293dc3487fd0.

Error: (10/18/2016 08:47:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000005, fault offset 0x000666c9,
process id 0xa30, application start time 0x01d2293da954e230.

Error: (10/18/2016 08:46:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e197,
process id 0x13b4, application start time 0x01d2293d8ebd05b0.

Error: (10/18/2016 08:45:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0000e197,
process id 0xdc8, application start time 0x01d2293d695bee30.

Error: (10/18/2016 08:44:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0001c3c5,
process id 0xb0c, application start time 0x01d2293d4e627950.

Error: (10/18/2016 08:44:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module AdblockPlus32.dll, version 1.5.0.0, time stamp 0x56017e35, exception code 0xc0000005, fault offset 0x0001e0a0,
process id 0x142c, application start time 0x01d2293c6be303b0.

Error: (10/17/2016 08:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec3707, exception code 0xc0000005, fault offset 0x000666c9,
process id 0x1c8, application start time 0x01c61d4ca4482f80.

Error: (01/19/2006 07:00:19 PM) (Source: Google Update) (EventID: 20) (User: Allen-PC)
Description: Event-ID 20

System errors:
=============
Error: (11/19/2016 08:45:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/19/2016 08:45:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/18/2016 10:43:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2016 10:43:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/18/2016 10:29:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2016 10:29:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/17/2016 10:28:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (11/17/2016 10:28:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (11/17/2016 10:28:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (11/17/2016 10:28:10 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

CodeIntegrity:
===================================
  Date: 2016-11-15 21:04:01.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:59.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:58.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:56.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:54.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:53.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:51.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:50.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:48.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:46.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 66%
Total physical RAM: 3061.68 MB
Available physical RAM: 1011.04 MB
Total Virtual: 7077.75 MB
Available Virtual: 4853.27 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:232.88 GB) (Free:158.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 059CAD89)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

im downloading MSE now


  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Hello puthu,

Hmm... not showing in that scan.

 

Let's do this:

Please run (FRST) Farbar Recovery Scan Tool

Type or copy and paste the following in the edit box after "Search:".

Microsoft Security Client

Click Search Registy button and post the log (SearchReg.txt) it makes to your reply.

After that

Please run (FRST) Farbar Recovery Scan Tool

Type or copy and paste the following in the edit box after "Search:".

msseces.exe;MpEvMsg.dll;MsMpRes.dll

Click Search button and post the log (Search.txt) it makes to your reply.

So when you return please post

  • SearchReg.txt
  • Search.txt

 

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP