I'm unable to download the Avast antivirus software [Solved]


  • This topic is locked

#16
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Farbar Recovery Scan Tool (x86) Version: 19-11-2016 01
Ran by Allen (19-11-2016 16:22:29)
Running from C:\Users\Allen\Desktop
Boot Mode: Normal

================== Search Registry: "microsoft security client" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocHandler32]
""="c:\Program Files\Microsoft Security Client\MpOAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocServer32]
""="c:\Program Files\Microsoft Security Client\MpOAv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocHandler32]
""="c:\Program Files\Microsoft Security Client\MsMpCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocServer32]
""="c:\Program Files\Microsoft Security Client\MsMpCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}]
"LocalizedString"="@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\Elevation]
"IconReference"="@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocHandler32]
""="c:\Program Files\Microsoft Security Client\MsMpCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocServer32]
""="c:\Program Files\Microsoft Security Client\MsMpCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4DB554FBBB06E6E468A74B5FB71C61B4]
"ProductName"="Microsoft Security Client"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4DB554FBBB06E6E468A74B5FB71C61B4\SourceList\Net]
"2"="C:\Program Files\Microsoft Security Client\Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\0\win32]
""="c:\Program Files\Microsoft Security Client\MsMpCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\HELPDIR]
""="c:\Program Files\Microsoft Security Client\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
"InstallLocation"="c:\Program Files\Microsoft Security Client\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
"ProductIcon"="@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
"ProductLocalizedName"="@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
"RemediationExe"="C:\Program Files\Microsoft Security Client\msseces.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties]
"PRODUCTICON"="@C:\Program Files\Microsoft Security Client\EppManifest.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties]
"PRODUCTLOCALIZEDNAME"="@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties]
"REMEDIATIONEXE"="C:\Program Files\Microsoft Security Client\msseces.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties]
"INSTALLDIR"="c:\Program Files\Microsoft Security Client\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\mpfilter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\NisDrv\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=""c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
"DisplayIcon"="C:\Program Files\Microsoft Security Client\EppManifest.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
"UninstallString"=""C:\Program Files\Microsoft Security Client\Setup.exe" /x"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
"InstallLocation"="C:\Program Files\Microsoft Security Client"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}]
"InstallLocation"="c:\Program Files\Microsoft Security Client\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}]
"DisplayName"="Microsoft Security Client"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Microsoft Security Client]
"FileName"="C:\ProgramData\Microsoft\Microsoft Security Client\Support\Application.etl"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client]
"EventMessageFile"="c:\Program Files\Microsoft Security Client\MsMpRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client Setup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware]
"EventMessageFile"="c:\Program Files\Microsoft Security Client\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware]
"ParameterMessageFile"="c:\Program Files\Microsoft Security Client\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc]
"ImagePath"=""c:\Program Files\Microsoft Security Client\MsMpEng.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc]
"Description"="@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-240"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisSrv]
"ImagePath"=""c:\Program Files\Microsoft Security Client\NisSrv.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisSrv]
"DisplayName"="@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisSrv]
"Description"="@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-242"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"cf2e533a-40ea-4b17-b431-5f72697d851c"="v2.1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"e43f8fab-1f17-49b8-95d3-fd30843b9ee7"="v2.1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{399BC1ED-7FC0-4825-BBAA-1ABCFA2AABB3}"="v2.0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{B77DB96A-21F3-47E3-A96B-2E1F671F5475}"="v2.0
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"="Microsoft Security Essentials"

====== End of Search ======


  • 0


#17
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Farbar Recovery Scan Tool (x86) Version: 19-11-2016 01
Ran by Allen (19-11-2016 16:26:19)
Running from C:\Users\Allen\Desktop
Boot Mode: Normal

================== Search Files: "msseces.exe;MpEvMsg.dll;MsMpRes.dll" =============

C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll
[2006-11-02 08:34][2006-11-02 08:34] 0653928 ____A (Microsoft Corporation) 62DB790A860CDFC4278D2F03CC5675D8 [File is digitally signed]

C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll
[2006-11-02 08:34][2006-11-02 08:34] 0653928 ____A (Microsoft Corporation) 62DB790A860CDFC4278D2F03CC5675D8 [File is digitally signed]

C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll
[2006-11-02 08:34][2006-11-02 08:34] 0065640 ____A (Microsoft Corporation) 08AF125EE3522486011893FBCC962322 [File is digitally signed]

C:\Program Files\Windows Defender\MpEvMsg.dll
[2006-11-02 08:34][2006-11-02 08:34] 0065640 ____A (Microsoft Corporation) 08AF125EE3522486011893FBCC962322 [File is digitally signed]

C:\Program Files\Windows Defender\MsMpRes.dll
[2006-11-02 08:34][2006-11-02 08:34] 0653928 ____A (Microsoft Corporation) 62DB790A860CDFC4278D2F03CC5675D8 [File is digitally signed]

C:\Program Files\Microsoft Security Client\mpevmsg.dll
[2016-01-29 18:40][2016-01-29 18:40] 0039584 ____A (Microsoft Corporation) 0B9BAE8117F1131D17D31829CED8A055 [File is digitally signed]

C:\Program Files\Microsoft Security Client\MsMpRes.dll
[2016-01-29 17:56][2016-01-29 17:56] 0442016 ____A (Microsoft Corporation) 78E08B9A0BD1D0513589932127DE6AE8 [File is digitally signed]

C:\Program Files\Microsoft Security Client\msseces.exe
[2016-01-29 17:56][2016-01-29 17:56] 0986872 ____A (Microsoft Corporation) EE4223FEE8AB8B9202FCA18036F157AE [File is digitally signed]

====== End of Search ======


  • 0

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello puthu,

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

StartRegedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocHandler32]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocHandler32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\Elevation]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocHandler32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4DB554FBBB06E6E468A74B5FB71C61B4]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4DB554FBBB06E6E468A74B5FB71C61B4\SourceList\Net]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\0\win32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\HELPDIR]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\mpfilter\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\NisDrv\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}]
"InstallLocation"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Microsoft Security Client]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client Setup]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"cf2e533a-40ea-4b17-b431-5f72697d851c"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"e43f8fab-1f17-49b8-95d3-fd30843b9ee7"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{399BC1ED-7FC0-4825-BBAA-1ABCFA2AABB3}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{B77DB96A-21F3-47E3-A96B-2E1F671F5475}"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"=-

EndRegedit:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that, please download a new copy of MSE from Microsoft Security Essentials and install.

Tell me if that one works.

  • 0

#19
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-11-2016 01
Ran by Allen (19-11-2016 20:35:05) Run:2
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Boot Mode: Normal

==============================================

fixlist content:
*****************
StartRegedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocHandler32]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocHandler32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\Elevation]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocHandler32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4DB554FBBB06E6E468A74B5FB71C61B4]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4DB554FBBB06E6E468A74B5FB71C61B4\SourceList\Net]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\0\win32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8C389764-F036-48F2-9AE2-88C260DCF400}\1.0\HELPDIR]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup\RememberedProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\mpfilter\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\Microsoft Security Client\Drivers\NisDrv\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}]
"InstallLocation"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Microsoft Security Client]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client Setup]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"cf2e533a-40ea-4b17-b431-5f72697d851c"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"e43f8fab-1f17-49b8-95d3-fd30843b9ee7"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{399BC1ED-7FC0-4825-BBAA-1ABCFA2AABB3}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{B77DB96A-21F3-47E3-A96B-2E1F671F5475}"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"=-

EndRegedit:

*****************

====> Registry

==== End of Fixlog 20:35:05 ====


  • 0

#20
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Did as you requested. After downloading MSE, I'm not able to run it.


  • 0

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hmm... Let's do this:

Download Windows Repair (all in one) from here.

Install the program then run.

When the program opens click on the tab Start Repairs and the button Start.

At the list that presents ensure there is a check (tick) in the following:

  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair MDAC/MS Jet
  • Remove Policies Set By Infections
  • Repair Icons
  • Repair Start Menu Icons Removed By Infections
  • Reset Service Permissions

After that re-boot your machine and see whether MSE will work.


  • 0

#22
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

OK, so I rebooted and tried to run MSE. It did update, thanks to you.

But today morning I tried the same thing, and it hangs during the update, like it was earlier. As I'm typing this, I'm running FRST and the AV is hanging, and I'm posting the results after its run.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2016
Ran by Allen (administrator) on ALLEN-PC (20-11-2016 13:26:40)
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Bison Inc.) C:\Windows\BR040286.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Realtek Semiconductor Corp.) C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_23_0_0_207_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [BisonInst0402] => C:\Windows\BR040286.exe [53248 2007-05-08] (Bison Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-07] (Dritek System Inc.)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer\Acer Registration\ACE1.exe [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-04-17] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Google Update] => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Logitech Vid HD] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Facebook Update] => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-06] (Facebook Inc.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1721192 2011-03-30] (Hewlett-Packard Co.)
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27020416 2016-10-09] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-01-03] (Egis Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2008-03-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-10-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2016-11-19]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> {E6F8E096-4836-47C0-8883-6A99317FB847} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03] (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-534116950-1332898044-2559044525-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files\TurboTax 2014\ic2014pp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\TomTom\HOME\Profiles\n73ldfb0.default [2014-11-24]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-06-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @talk.google.com/O1DPlugin -> C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-534116950-1332898044-2559044525-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Allen\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [829096 2007-10-29] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R1 MpKslDrv; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3BE5DBF-6195-46CA-A479-A607FEFF7532}\MpKslDrv.sys [39168 2016-11-20] (Microsoft Corporation)
S3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-26] (NewTech Infosystems, Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U0 Sr; no ImagePath
U2 SrService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-19 23:29 - 2016-11-19 23:29 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2016-11-19 21:41 - 2016-11-19 21:41 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ALLEN-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-11-19 21:40 - 2016-11-19 21:40 - 00000000 ____D C:\RegBackup
2016-11-19 21:33 - 2016-11-19 21:33 - 00001956 _____ C:\Users\Allen\Desktop\Tweaking.com - Windows Repair.lnk
2016-11-19 21:33 - 2016-11-19 21:33 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-11-19 21:32 - 2016-11-19 21:40 - 00357620 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-11-19 21:32 - 2016-11-19 21:32 - 00000000 ____D C:\Program Files\Tweaking.com
2016-11-19 21:30 - 2016-11-19 21:30 - 29841928 _____ (Tweaking.com) C:\Users\Allen\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-11-19 20:40 - 2016-11-19 20:40 - 00001908 _____ C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-19 20:40 - 2016-11-19 20:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-19 20:37 - 2016-11-19 20:37 - 11640664 _____ (Microsoft Corporation) C:\Users\Allen\Desktop\mseinstall.exe
2016-11-19 20:35 - 2016-11-19 20:35 - 00004173 _____ C:\Users\Allen\Desktop\Fixlog.txt
2016-11-19 20:24 - 2016-11-19 20:24 - 00000000 ____D C:\Users\Allen\AppData\Local\{4666414D-2A33-403B-AEF0-A7065128D83F}
2016-11-19 16:26 - 2016-11-19 16:29 - 00002011 _____ C:\Users\Allen\Desktop\Search.txt
2016-11-19 16:22 - 2016-11-19 16:22 - 00007621 _____ C:\Users\Allen\Desktop\SearchReg.txt
2016-11-18 10:56 - 2016-11-20 13:27 - 00045626 _____ C:\Users\Allen\Desktop\FRST.txt
2016-11-18 10:31 - 2016-11-18 10:31 - 00000000 ____D C:\Users\Allen\AppData\Local\{9B73FD05-BAE5-4287-994D-520539A9AE49}
2016-11-17 10:09 - 2016-11-20 13:26 - 00000000 ____D C:\Users\Allen\Desktop\FRST-OlderVersion
2016-11-16 11:13 - 2016-11-19 08:54 - 00046935 _____ C:\Users\Allen\Desktop\Addition.txt
2016-11-16 11:12 - 2016-11-20 13:26 - 00000000 ____D C:\FRST
2016-11-16 11:10 - 2016-11-20 13:26 - 01762304 _____ (Farbar) C:\Users\Allen\Desktop\FRST.exe
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\Users\Allen\AppData\Local\{15DD86F3-D13B-4F72-B007-CAF4F21F6DD7}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 13:26 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-20 13:26 - 2006-11-02 08:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-20 13:20 - 2015-04-25 10:48 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-20 13:20 - 2009-06-30 15:23 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-20 13:10 - 2008-03-26 04:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-20 13:01 - 2014-09-24 13:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-20 12:29 - 2015-06-02 14:17 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-11-20 10:44 - 2012-10-06 12:39 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
2016-11-19 23:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-11-19 23:31 - 2006-11-02 06:33 - 00848974 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-19 23:30 - 2010-07-11 22:22 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Skype
2016-11-19 23:29 - 2015-04-25 10:48 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-19 23:29 - 2009-04-19 20:49 - 00000000 ____D C:\Users\Allen\Tracing
2016-11-19 23:26 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-19 23:26 - 2006-11-02 08:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-19 23:24 - 2006-11-02 09:01 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-19 23:23 - 2012-03-10 07:39 - 00002115 _____ C:\Windows\epplauncher.mif
2016-11-19 22:49 - 2010-06-23 12:24 - 00105000 _____ C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-19 22:45 - 2006-11-02 08:47 - 00390776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-19 20:12 - 2009-06-30 15:23 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-19 16:23 - 2016-06-01 23:06 - 00000000 ____D C:\Users\Allen\AppData\LocalLow\Adblock Plus for IE
2016-11-19 16:21 - 2012-10-06 12:39 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
2016-11-19 09:11 - 2010-08-30 12:51 - 00486400 _____ C:\Users\Allen\Desktop\Logbook.xls
2016-11-19 09:11 - 2008-10-27 03:35 - 00002607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-11-19 09:09 - 2008-10-27 03:35 - 00002605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-11-19 09:07 - 2016-07-18 18:12 - 00000000 ____D C:\Users\Allen\Desktop\Multi pic log
2016-11-15 20:49 - 2016-05-04 13:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-10 21:13 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-11-08 22:01 - 2014-09-24 13:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 22:01 - 2014-09-24 13:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-27 17:37 - 2009-10-02 15:27 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-21 20:41 - 2012-07-14 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2011-04-10 14:23 - 2011-04-10 14:23 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
2011-04-10 14:23 - 2011-06-19 21:14 - 0006733 _____ () C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
2014-12-10 15:26 - 2014-12-10 15:26 - 0000052 _____ () C:\Users\Allen\AppData\Roaming\pdfcompressor.ini
2008-11-13 01:28 - 2008-11-13 01:28 - 0024206 _____ () C:\Users\Allen\AppData\Roaming\UserTile.png
2012-02-19 19:43 - 2012-03-16 17:36 - 0000680 _____ () C:\Users\Allen\AppData\Local\d3d9caps.dat
2010-07-21 01:59 - 2016-08-27 19:27 - 0062464 _____ () C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 11:28 - 2015-06-02 11:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-11 22:23 - 2010-07-11 22:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-20 12:15

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016
Ran by Allen (20-11-2016 13:27:42)
Running from C:\Users\Allen\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-09-17 20:14:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-534116950-1332898044-2559044525-500 - Administrator - Disabled)
Allen (S-1-5-21-534116950-1332898044-2559044525-1003 - Administrator - Enabled) => C:\Users\Allen
ASPNET (S-1-5-21-534116950-1332898044-2559044525-1005 - Limited - Enabled)
Guest (S-1-5-21-534116950-1332898044-2559044525-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13d - Acer Crystal Eye)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.20 - Acer Crystal Eye Webcam)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.08 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP Photo Creations (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\HP Photo Creations) (Version: 1.0.0.18332 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MrvlUsgTracking (HKLM\...\{02C85EC5-E864-4847-AF55-42730861004C}) (Version: 1.0.0 - Marvell)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-534116950-1332898044-2559044525-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3730a.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.16 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Extras (HKLM\...\Yahoo! Customizations) (Version:  - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32 -> c:\Program Files\Microsoft Security Client\shellext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{2781761E-28E1-4109-99FE-B9D127C57AFE}\InprocServer32 -> c:\Program Files\Microsoft Security Client\MpOAv.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{5034A1B7-99A3-43F4-83DB-34B94B13CBA4}\InprocServer32 -> c:\Program Files\Microsoft Security Client\MsMpCom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{546BF232-C9DD-4F28-8E38-30AE2D964D46}\InprocServer32 -> c:\Program Files\Microsoft Security Client\MsMpCom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Allen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Allen\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534116950-1332898044-2559044525-1003_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Allen\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1340E10F-6A32-40A5-AB16-57CC12318002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {18176CC6-1A9D-47F1-A26B-13910E7F909E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {1A4242C0-60C1-4610-A9FE-9D7141CE1931} - System32\Tasks\{99258A10-6B3B-429F-8C29-27D864D109A3} => C:\Program Files\Skype\Phone\Skype.exe [2016-10-09] (Skype Technologies S.A.)
Task: {26597DBB-F5CA-4CAA-B86E-BC0A98609B82} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-05-13] ()
Task: {2FA7A48B-76EB-49C5-857F-1258373A5860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3CF60298-04EC-49DC-BDF6-2B76712045AB} - System32\Tasks\{DF166A33-0B21-42D0-9A6C-D6935E90AB73} => pcalua.exe -a C:\PROGRA~1\SOFTON~1\UNWISE.EXE -c C:\PROGRA~1\SOFTON~1\INSTALL.LOG
Task: {499D5A06-9F22-447F-BCE9-4946F822C169} - System32\Tasks\{5CAFF5CB-CA6E-4A8F-9E7A-D47D6B66AE7E} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLFL9HM6\SetupFSCopilot16[1].exe" -d C:\Users\Allen
Task: {58AE6357-C600-41C8-A2E0-0B4DF5811076} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {6062649A-F965-40F4-B90F-18259EBEF2F1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {645EA812-B73C-4E18-9181-34DB80502938} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {6AF0F6F3-A64E-4D6E-BFF1-D03992F2E9F9} - System32\Tasks\{858EA598-D309-4606-BEBC-70EF9403C894} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07L2HA66\SetupFSInn13B2_3[2].exe" -d C:\Users\Allen
Task: {714E4DED-E175-4C9D-831E-E337DC543BFC} - System32\Tasks\{D8721F9D-7F92-4077-B56D-66C255E56643} => pcalua.exe -a "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" -c REMOVE=TRUE MODIFY=FALSE
Task: {7DC317EB-164C-41F4-9D21-72EFD94806A7} - System32\Tasks\{6E5A1472-C989-48BA-8778-96025461C0AC} => pcalua.exe -a C:\Users\Allen\Desktop\VirtumundoBeGone.exe -d C:\Users\Allen\Desktop
Task: {89192796-C51B-456B-A050-D5E3C45A5D6D} - System32\Tasks\{D5FE861A-C79C-4D59-A538-F3923F67D2A2} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVZEMVG\SetupFSInn12[1].exe" -d C:\Users\Allen
Task: {BE22A2C9-84B7-40C2-80DB-4EE9515DCD3D} - System32\Tasks\{D785B799-7774-474C-96E6-0D20036729B1} => pcalua.exe -a "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!\eesi.exe" -d "C:\Program Files\Fs2002 And Fs2004 Easy Installer Utility!"
Task: {C1EB9403-15B9-4A46-9032-A5525EF30E5F} - System32\Tasks\{F6F3960B-7566-4264-9DD1-908FEFD7C1D5} => pcalua.exe -a "C:\Program Files\FSFDT\uninstallFSCopilot.exe"
Task: {C261008A-2895-44B6-8146-9400682854F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C4DF8714-3D5B-4F78-AD03-1D5BCFEAFECD} - System32\Tasks\{262F4346-CCEC-4F15-B1D1-AB3419B87696} => pcalua.exe -a D:\setuppls.exe -d D:\ -c /AUTORUN
Task: {C9306C47-F213-4E0D-AE44-D5DBECC04F9C} - System32\Tasks\{88C44967-8EF0-4D52-9323-80C4B50F3543} => pcalua.exe -a "C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7KXWM6P\wmp11-windowsxp-x86-enu[1].exe" -d C:\Windows\system32
Task: {CE16C034-B03F-4132-8CD6-063422115D25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {D0F03E06-D15C-45B5-86C8-A93F58BBF3EC} - System32\Tasks\Microsoft\Windows\RestartManager\{9388B6A3-309E-4d7f-B8A8-B87168832CB9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {DBAB3616-414F-42C3-BD2F-79AC04CD09E3} - System32\Tasks\PDVDServ.EXE_1322400303 => C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE [2008-01-22] (Cyberlink Corp.)
Task: {F8E07DE8-CE5F-4FDC-951D-69BA2E61FBAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA8D32A9-622D-4C18-95C5-09B4106AD01C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-06] (Facebook Inc.)
Task: {FCFA6D6A-FA88-4452-98C5-BFF7A63332CF} - System32\Tasks\{F39A87A9-2776-4442-96B8-82EFD761788E} => pcalua.exe -a "C:\Program Files\Microsoft Games\FS2002\FSUNINSTALL.EXE" -c /runtemp /addremove

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job => C:\Users\Allen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Allen\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{81269CAB-AB40-4890-B356-37C309F68D20}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Allen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi10
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=ca&.redir=ymmapi11

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 16:27 - 2007-11-27 21:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-09-17 16:27 - 2007-11-27 18:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2011-03-30 17:19 - 2011-03-30 17:19 - 01841000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-09-17 16:26 - 2007-12-19 21:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2008-09-17 16:21 - 2007-09-20 17:01 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2008-01-03 05:00 - 2008-01-03 05:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-09-17 17:08 - 2003-06-07 17:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-05-02 00:15 - 2008-05-02 00:15 - 00015872 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2008-03-26 04:23 - 2008-01-09 21:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2008-03-26 04:23 - 2008-01-09 21:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2008-09-17 16:22 - 2007-09-11 12:59 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2008-09-17 16:25 - 2007-12-20 16:58 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2008-09-17 16:26 - 2007-12-19 21:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2008-09-17 16:26 - 2007-12-19 21:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-09-17 16:23 - 2007-12-20 14:33 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2016-11-19 22:34 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{E01BE071-B00A-491D-BB6A-556CA52ABD35}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{47620D60-F3FA-4BF0-A495-1D203C176DA8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{74D7467A-EEFF-44B9-A907-702E9A129F00}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{48617D48-7F68-434D-8342-547FE235771E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{F2DDA02E-CD32-4E79-9071-6112EE455060}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{6BDC7595-0823-450D-B246-90610F59F8B5}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe] => (Allow) C:\program files\limewire\limewire.exe
FirewallRules: [{390E7292-8F7E-443E-8784-B7F50965A7B1}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{7D48202A-539A-4356-A2FE-88E5F9372552}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3947B629-6FBA-4962-8A79-545551BA0E0E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4C76D121-C306-41BD-A695-84DCCFF0828A}] => (Allow) svchost.exe
FirewallRules: [{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{396CE697-5AD3-422F-8E81-719CE1A61410}] => (Allow) LPort=2869
FirewallRules: [{BD673127-28AE-4D20-A67C-D13822D08483}] => (Allow) LPort=1900
FirewallRules: [{F5A2B141-767C-46A3-A4A6-13B3784D26B4}] => (Allow) LPort=80
FirewallRules: [{37753C3E-74FE-46F9-892F-61305A197DAD}] => (Allow) LPort=80
FirewallRules: [{F6688556-B806-4927-9655-8396D02B81D1}] => (Allow) LPort=80
FirewallRules: [{E4D2FBD9-ED9A-4925-9CDE-3BE742D85E47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{58DCA8E1-C0CF-45B1-9030-C7D2468851DF}] => (Allow) C:\Users\Allen\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{DA23D471-DD9A-49CD-977A-19F9E4072849}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{9D8F25DF-6FF0-4F70-863B-35223BF19B2F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe] => Enabled:eDStbmngr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe] => Enabled:eDSMgr
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe] => Enabled:eDStbmngr

==================== Restore Points =========================

19-01-2006 03:01:07 Windows Update
03-06-2016 19:43:44 Windows Update
03-06-2016 20:17:28 Windows Update
06-06-2016 19:25:06 Scheduled Checkpoint
08-06-2016 21:19:54 Windows Update
11-06-2016 09:51:56 Scheduled Checkpoint
15-06-2016 18:32:32 Windows Update
27-06-2016 21:43:22 Windows Update
27-06-2016 22:41:55 Windows Update
28-06-2016 20:54:50 Scheduled Checkpoint
03-07-2016 19:36:27 Windows Update
03-07-2016 20:45:54 Windows Update
05-07-2016 20:26:15 Scheduled Checkpoint
11-07-2016 23:05:29 Windows Update
12-07-2016 00:22:39 Windows Update
19-11-2016 22:52:36 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2016 12:25:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\READ ME.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\READ ME.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/20/2016 12:25:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ALLEN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (11/19/2016 11:26:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/19/2016 11:26:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/19/2016 11:22:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (11/19/2016 11:22:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

Error: (11/19/2016 11:22:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (11/19/2016 11:22:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.

Error: (11/19/2016 11:19:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (11/19/2016 11:19:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (11/19/2016 11:08:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/19/2016 11:08:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D215781D-019E-4FA0-903D-0CDCDE13A4F5}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2016-11-15 21:04:01.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:59.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:58.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:56.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:54.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:53.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:51.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:50.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:48.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-15 21:03:46.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 54%
Total physical RAM: 3061.68 MB
Available physical RAM: 1402.1 MB
Total Virtual: 7081.75 MB
Available Virtual: 4412.23 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:232.88 GB) (Free:157.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 059CAD89)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#23
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

But today morning I tried the same thing, it hangs during the update.

Did you turn your computer off last night and restart this morning? That can sometimes affect your computer's clock.

You could try this:

Go to Control Panel > Date and Time > Internet Time > Change Settings and click the Update now button beside the server panel.

Try updating after that.

Tell me how it goes.

#24
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

I did not turn off the computer. I left it overnight, after a successful update, to run a long scan. Today morning I restarted the computer, then the problem began again. Date and time are accurate even after start.

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Today morning I restarted the computer, then the problem began again.

Something changed at reboot.

Date and time are accurate even after start.

Did you try that control panel instruction anyway? Sometimes the time looks okay but when you reboot there is a change, for example, the time zone may be wrong even though everything else looks right.

Also, let's do this:

Open Notepad.

Please copy the contents of the code box below.

To do this, highlight (click in the box and press Ctrl + A) the contents of the box and right-click on it. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

Alternatively, type the contents of the box into Notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


#26
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

OK, I tried that route; it says "an error occurred while Windows was trying to sync with time zone", something like that. OK, I'm going to do the other step you suggested.

#27
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016 01
Ran by Allen (20-11-2016 22:06:55) Run:3
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3794763 B
Java, Flash, Steam htmlcache => 676 B
Windows/system/drivers => 547965 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 3486977 B
NetworkService => 23029414 B
Allen => 14678128 B

RecycleBin => 3400 B
EmptyTemp: => 51.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 22:07:03 ====



#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

OK, I tried that route; it says "an error occurred while Windows was trying to sync with time zone"

Go to this link and follow the guide.

After that see if you can update.

Tell me how you get on. :)

#29
puthu

    Member

  • Topic Starter
  • Member
  • 153 posts

I followed the guide, but it won't update as it won't let me set the guide parameters. I'll probably give up at this point. I guess I'm going to buy a new computer. This laptop has seen better days. It has served me well over the years. YOU helped, that's what matters!

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Well it did seem to work after you used Windows Repair. Might be worth another try...

YOU helped, that's what matters!

Thank you for your kind words. Didn't solve your problem though so I do feel a bit sad. Hopefully from now on things do get better in the computer world for you.

