Helping A Friend With Possible Malware Infection [Solved]



#1
robkbriggs


A friend came to see me and asked if I would take a look at her PC. I asked her to tell me as completely as she could what happened, so this is what I have:

 

She has a Kodak digital camera, and was trying to download the newest version of Kodak Easy Share software when a window that she didn't recognize popped up. She doesn't remember what it said, but she closed it. Later that day her husband was trying to log on to rtsports.com and they started seeing a bunch of different popups and things flashing and other assorted weird behaviors. She restarted the PC, and then ran an AV scan (McAfee) when it came back up, which did not show any problems, but did show that it quarantined a few files. After that she thought she was good.

 

Judging from the programs on the PC, it looks like a few things were installed on November 1st, so I assume that is when this all went down.

 

A little while later she had a blue screen pop up that looked similar to a BSOD with a number to call. She called the number and let a technician who said he was from Microsoft connect in. She said she could not follow what all he was doing, but that he told her she had many issues. As soon as he told her that she would have to pay him to clean everything up, she disconnected it from the internet. At the time she brought it to me, it had not been connected again. I have it now, and it is not connected at this point.

 

I explained to her as plainly as I could how these scams work, but I really couldn't give her a good answer on what caused the original infection or issue. She asked me if I could just get it back to normal for her.

 

The PC is an Acer touch screen all in one, with 4 GB of RAM, running Windows 8.1. Below are the results from running FRST64.exe.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Shawn&Stacy (administrator) on HOMECOMPUTER (04-11-2015 17:01:15)
Running from E:\Stacy PC
Loaded Profiles: Shawn&Stacy (Available Profiles: Shawn&Stacy & Shawn & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Users\Shawn&Stacy\AppData\Local\Crsoft\crsvc.exe
() C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
() C:\Users\Shawn&Stacy\AppData\Roaming\NetService\netservice.exe
() C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
() C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
() C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133\upgmsd_us_005010133.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
() C:\Users\Public\Documents\windows.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
() C:\Users\Public\Documents\windows.exe
(Acer) C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe
() C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe
() C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [OSDAPP] => C:\Windows\SysWOW64\OSDSrv\OSDApp.exe [2054656 2013-05-16] (Acer)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [385024 2008-01-31] (Apple Inc.)
HKLM-x32\...\Run: [popup] => C:\windows\SysWOW64\MyTrayApp.exe [14336 2015-09-09] (Microsoft)
HKLM-x32\...\Run: [gmsd_us_005010132] => [X]
HKLM-x32\...\Run: [gmsd_us_005010133] => C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe [3972784 2015-11-01] ()
HKLM-x32\...\Run: [DailyWiki] => C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe [48673472 2015-10-13] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010133.exe] => C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133\upgmsd_us_005010133.exe [3332784 2015-11-01] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Wixkv] => C:\ProgramData\DataFile\DV.exe [283648 2015-11-01] ()
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [7601110 2015-09-27] ()
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\MountPoints2: {d7cfe58a-9aea-11e3-8250-806e6f6e6963} - "D:\Setup.exe"
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [989696 2015-09-27] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [755200 2015-09-27] (FlashBeat)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-09-22]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2015-07-25]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Localadsiw.dll [283496 2015-10-31] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Localadsiw.dll [283496 2015-10-31] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Localadsiw.dll [283496 2015-10-31] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Localadsiw.dll [283496 2015-10-31] ()
Winsock: Catalog9 05 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9 06 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9 07 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9 08 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9 20 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9 21 C:\Windows\SysWOW64\Localadsiw.dll [283496 2015-10-31] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Localadsiw64.dll [353640 2015-10-31] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Localadsiw64.dll [353640 2015-10-31] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Localadsiw64.dll [353640 2015-10-31] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Localadsiw64.dll [353640 2015-10-31] ()
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9-x64 06 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9-x64 07 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9-x64 08 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9-x64 20 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-31] (Lavasoft Limited)
Winsock: Catalog9-x64 21 C:\Windows\system32\Localadsiw64.dll [353640 2015-10-31] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CD635BC-E781-4274-B67C-F70D05666F27}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> DefaultScope {FC657D0B-7E98-44D7-B45D-496A95A05471} URL = hxxp://www-searching.com/search.aspx?s=FB1ztutbl011,27728558-f312-4ba6-87db-f8177ba16063&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D103115-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {30E9E740-D162-11E4-8278-28E347809B30} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {7817E5E7-AA31-11E4-8273-28E347809B30} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {AA6B1CEC-2D28-46D3-88F5-DA9E49ADFF11} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140703&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {FC657D0B-7E98-44D7-B45D-496A95A05471} URL = hxxp://www-searching.com/search.aspx?s=FB1ztutbl011,27728558-f312-4ba6-87db-f8177ba16063&site=shyosie&prd=set&q={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-09-22] (McAfee)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-09-22] (McAfee)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-09-22] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-09-22] (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-10-27] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-10-27] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-10-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-10-27] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-28] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-28] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-01-03] ()
FF Plugin HKU\S-1-5-21-1384006192-1193351791-2402037821-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shawn&Stacy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-03] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-10-21]
FF HKLM\...\Firefox\Extensions: [{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}] - C:\Program Files\shopperz311020151629\Firefox\{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}] - C:\Program Files\shopperz311020151629\Firefox\{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}.xpi => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-14] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-01]
CHR HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-09] (Acer Incorporated)
R2 Crashhd; C:\Users\Shawn&Stacy\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-03] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 jofoqyze; C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp [460800 2015-11-01] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-10-27] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 NetTcpHandler; C:\Users\Shawn&Stacy\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 OSDSrv; C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe [220672 2013-05-08] () [File not signed]
R2 qymylofy; C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp [624640 2015-10-31] () [File not signed]
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-27] (ShopperPro)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-10-31] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-10-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 PQAWRwa; C:\Windows\SysWOW64\OSDSrv\PQAWDrv.sys [10464 2011-09-08] () [File not signed]
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-27] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:00 - 2015-11-04 17:01 - 00000000 ____D C:\FRST
2015-11-03 14:29 - 2015-11-03 14:29 - 00006958 _____ C:\Users\SHAWNmgn_service-remove_00.log
2015-11-03 14:29 - 2015-11-03 14:29 - 00001627 _____ C:\Users\Shawn\g2ax_uninstaller_customer.log
2015-11-03 14:29 - 2015-11-03 14:29 - 00001185 _____ C:\Users\SHAWNmgn_service-force_shutdown_00.log
2015-11-03 14:16 - 2015-11-03 14:29 - 00304606 _____ C:\Users\SHAWNGoToAssist Remote Support Customer_00.LOG
2015-11-03 14:16 - 2015-11-03 14:29 - 00004604 _____ C:\Users\SHAWNmgn_service-service_00.log
2015-11-03 14:16 - 2015-11-03 14:16 - 00007348 _____ C:\Users\SHAWNmgn_service-install_manual_00.log
2015-11-03 14:16 - 2015-11-03 14:16 - 00001438 _____ C:\Users\SHAWNmgn_service-start_session_00.log
2015-11-03 14:15 - 2015-11-03 14:29 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-11-03 14:15 - 2015-11-03 14:15 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Citrix
2015-11-01 20:18 - 2015-11-04 16:46 - 00003750 _____ C:\Windows\System32\Tasks\Inst_Rep
2015-11-01 19:35 - 2015-11-03 14:00 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-11-01 19:34 - 2015-11-04 16:32 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133
2015-11-01 19:34 - 2015-11-01 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-11-01 19:33 - 2015-11-04 16:30 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\DailyWiki
2015-11-01 19:33 - 2015-11-01 19:34 - 00001360 _____ C:\Windows\unins000.dat
2015-11-01 19:33 - 2015-11-01 19:33 - 00929953 _____ C:\Windows\unins000.exe
2015-11-01 19:33 - 2015-11-01 19:33 - 00004272 _____ C:\Windows\System32\Tasks\F6E70F42-AA4B-47A7-9CC8-E592976436A7
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyWiki
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\F6E70F42-AA4B-47A7-9CC8-E592976436A7
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Program Files (x86)\MyRegCleaner
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V01.11
2015-11-01 19:33 - 2015-09-27 23:48 - 07601110 _____ C:\Users\Public\Documents\windows.exe
2015-11-01 19:30 - 2015-11-01 19:31 - 00000000 ___HD C:\$Windows.~BT
2015-11-01 18:55 - 2015-11-01 18:55 - 00000485 _____ C:\Users\Shawn&Stacy\Desktop\Administrative Tools - Shortcut.lnk
2015-11-01 18:28 - 2015-11-01 18:28 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Google
2015-11-01 18:07 - 2015-11-01 18:21 - 00000000 ____D C:\Users\Shawn\AppData\Local\WebBar
2015-11-01 18:04 - 2015-11-01 18:04 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\PCAcceleratePro
2015-11-01 18:04 - 2015-11-01 18:04 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\InstantSupport
2015-11-01 15:17 - 2015-11-01 15:17 - 00000008 _____ C:\END
2015-11-01 15:14 - 2015-11-01 18:32 - 00003790 _____ C:\Windows\System32\Tasks\SecurityApps2
2015-11-01 15:13 - 2015-11-01 19:34 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010133
2015-11-01 15:13 - 2015-11-01 15:13 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-11-01 14:50 - 2015-11-01 14:50 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\shortCutStore
2015-11-01 14:50 - 2015-11-01 14:50 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Crsoft
2015-11-01 14:45 - 2015-11-01 14:45 - 00000000 ____D C:\ProgramData\Radio
2015-11-01 13:48 - 2015-11-01 13:48 - 00002393 _____ C:\Users\Shawn&Stacy\Desktop\BrowserAir.lnk
2015-11-01 13:48 - 2015-11-01 13:48 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-11-01 13:47 - 2015-11-01 13:48 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\BrowserAir
2015-11-01 13:47 - 2015-11-01 13:47 - 00004282 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a
2015-11-01 13:47 - 2015-11-01 13:47 - 00000000 ____D C:\ProgramData\ShopperPro
2015-11-01 13:46 - 2015-11-01 13:47 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-11-01 13:46 - 2015-11-01 13:47 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-11-01 13:46 - 2015-11-01 13:46 - 00004430 _____ C:\Windows\System32\Tasks\Installer_smknnodesk
2015-11-01 13:46 - 2015-11-01 13:46 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-11-01 11:55 - 2015-11-01 11:55 - 00000000 ____D C:\Users\Shawn\AppData\Local\TVTime
2015-11-01 11:54 - 2015-11-01 11:54 - 00000000 ____D C:\ProgramData\Browser
2015-10-31 08:04 - 2015-11-04 16:34 - 00000000 ____D C:\ProgramData\Ruwsiawi
2015-10-31 08:02 - 2015-10-31 08:02 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-10-31 08:01 - 2015-10-31 08:01 - 00004228 _____ C:\Windows\System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330
2015-10-31 08:01 - 2015-10-31 08:01 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330
2015-10-31 08:00 - 2015-11-04 17:00 - 00003172 _____ C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.job
2015-10-31 08:00 - 2015-11-04 17:00 - 00003172 _____ C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.job
2015-10-31 08:00 - 2015-11-04 17:00 - 00002146 _____ C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user.job
2015-10-31 08:00 - 2015-11-04 16:29 - 00002480 _____ C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user.job
2015-10-31 08:00 - 2015-11-04 16:29 - 00002480 _____ C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.job
2015-10-31 08:00 - 2015-10-31 08:00 - 00006184 _____ C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7
2015-10-31 08:00 - 2015-10-31 08:00 - 00006184 _____ C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6
2015-10-31 08:00 - 2015-10-31 08:00 - 00005492 _____ C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5
2015-10-31 08:00 - 2015-10-31 08:00 - 00003620 _____ C:\Windows\System32\Tasks\GoogleUp
2015-10-31 08:00 - 2015-10-31 08:00 - 00003612 _____ C:\Windows\System32\Tasks\import
2015-10-31 08:00 - 2015-10-31 08:00 - 00003610 _____ C:\Windows\System32\Tasks\impo
2015-10-31 08:00 - 2015-10-31 08:00 - 00003502 _____ C:\Windows\System32\Tasks\Googleuptodate
2015-10-31 08:00 - 2015-10-31 08:00 - 00003494 _____ C:\Windows\System32\Tasks\MyDailyBackup
2015-10-31 08:00 - 2015-10-31 08:00 - 00003490 _____ C:\Windows\System32\Tasks\win
2015-10-31 08:00 - 2015-10-31 08:00 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\dlg
2015-10-31 08:00 - 2015-10-31 08:00 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V31.10
2015-10-31 07:59 - 2015-11-01 18:32 - 00000000 ____D C:\ProgramData\DataFile
2015-10-31 07:58 - 2015-11-01 14:50 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\RunDir
2015-10-31 07:58 - 2015-11-01 14:40 - 00004792 _____ C:\Windows\SysWOW64\Localadsiw.ini
2015-10-31 07:58 - 2015-11-01 14:40 - 00002504 _____ C:\Windows\SysWOW64\LocaladsiwOff.ini
2015-10-31 07:58 - 2015-11-01 14:40 - 00002504 _____ C:\Windows\system32\LocaladsiwOff.ini
2015-10-31 07:58 - 2015-10-31 07:58 - 00003362 _____ C:\Windows\System32\Tasks\Gelomo
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Windows\system32\sek
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\ortmp
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\NetService
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Tempfolder
2015-10-31 07:58 - 2015-10-31 07:31 - 00353640 _____ C:\Windows\system32\Localadsiw64.dll
2015-10-31 07:58 - 2015-10-31 07:30 - 00283496 _____ C:\Windows\SysWOW64\Localadsiw.dll
2015-10-31 07:57 - 2015-11-01 15:01 - 00000000 ____D C:\Program Files\shopperz311020151629
2015-10-31 07:57 - 2015-10-31 07:57 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\LocalLow\Company
2015-10-31 07:57 - 2015-10-31 07:57 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-10-31 07:57 - 2015-10-31 07:57 - 00000000 ____D C:\uninst
2015-10-31 07:56 - 2015-11-04 16:29 - 00000368 _____ C:\Windows\Tasks\DGPUOYA1.job
2015-10-31 07:56 - 2015-10-31 07:56 - 00002890 _____ C:\Windows\System32\Tasks\DGPUOYA1
2015-10-31 07:56 - 2015-10-31 07:56 - 00000000 ____D C:\ProgramData\Service1291
2015-10-31 07:56 - 2015-10-31 07:56 - 00000000 ____D C:\ProgramData\FlashBeat
2015-10-31 07:56 - 2015-10-31 07:56 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-10-31 07:46 - 2015-11-01 14:44 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7
2015-10-31 07:46 - 2013-08-22 06:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-31 07:45 - 2015-11-01 13:55 - 00000000 ____D C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7
2015-10-31 07:45 - 2015-10-31 07:45 - 00000000 ____D C:\Users\Shawn&Stacy\Documents\DailyPCClean
2015-10-31 07:44 - 2015-11-01 14:56 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-10-31 07:43 - 2015-11-01 15:22 - 00000158 _____ C:\prefs.js
2015-10-31 07:43 - 2015-10-31 07:43 - 00000000 ____D C:\searchplugins
2015-10-31 07:42 - 2015-11-01 14:39 - 00002976 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-31 07:42 - 2015-11-01 14:39 - 00002976 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-10-31 07:42 - 2015-10-31 07:42 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-10-31 07:42 - 2015-10-31 07:42 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-10-31 07:42 - 2015-10-31 07:42 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-10-31 07:39 - 2015-10-31 07:39 - 00000000 ____D C:\Users\Shawn\AppData\Local\KodakGallery
2015-10-31 07:32 - 2015-10-31 07:57 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2015-10-31 07:16 - 2015-10-31 07:17 - 00003286 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2015-10-31 07:16 - 2015-10-31 07:16 - 00000000 ____D C:\Users\Shawn\AppData\Local\SweetLabs App Platform
2015-10-28 16:43 - 2015-11-01 20:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-28 16:43 - 2015-10-28 17:11 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-28 16:40 - 2015-10-28 16:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-10-26 03:29 - 2015-10-26 03:29 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-10-22 18:24 - 2015-10-22 18:24 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-10-22 18:24 - 2015-10-22 18:24 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-10-22 18:19 - 2015-10-22 18:19 - 00001969 _____ C:\Users\Public\Desktop\abDocs.lnk
2015-10-16 03:24 - 2015-09-18 20:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 03:24 - 2015-09-18 06:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 07:22 - 2015-10-15 21:51 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-14 07:22 - 2015-10-15 21:51 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 06:52 - 2015-09-29 05:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 06:52 - 2015-09-29 05:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 06:52 - 2015-09-29 05:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 06:52 - 2015-09-29 05:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 06:52 - 2015-09-29 05:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 06:52 - 2015-09-24 09:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-14 06:52 - 2015-09-24 09:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 06:52 - 2015-08-26 19:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 06:52 - 2015-08-26 19:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 06:52 - 2015-08-07 14:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 06:52 - 2015-08-07 14:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 06:52 - 2015-08-07 14:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 06:52 - 2015-08-07 14:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-14 06:52 - 2015-08-07 14:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-14 06:52 - 2015-08-07 07:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 06:52 - 2015-08-06 10:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-14 06:52 - 2015-08-06 09:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-14 06:52 - 2015-08-06 09:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-14 06:52 - 2015-08-06 09:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-14 06:51 - 2015-09-29 05:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 06:51 - 2015-09-28 11:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 06:51 - 2015-09-28 11:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-14 06:51 - 2015-09-28 11:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 06:51 - 2015-09-28 11:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 06:51 - 2015-09-28 11:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 06:51 - 2015-09-28 11:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 06:51 - 2015-09-28 11:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 06:51 - 2015-09-28 11:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 06:51 - 2015-09-28 11:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 06:51 - 2015-09-28 11:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 06:51 - 2015-09-28 11:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 06:51 - 2015-09-10 11:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 06:51 - 2015-09-10 10:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 06:51 - 2015-09-10 10:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 06:51 - 2015-09-10 10:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 06:51 - 2015-09-10 10:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 06:51 - 2015-09-10 10:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 06:51 - 2015-09-10 10:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 06:51 - 2015-09-10 10:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 06:51 - 2015-09-10 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 06:51 - 2015-09-10 09:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 06:51 - 2015-09-10 09:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 06:51 - 2015-09-10 09:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 06:51 - 2015-09-10 09:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 06:51 - 2015-09-10 09:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 06:51 - 2015-09-10 09:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-14 06:51 - 2015-09-10 09:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 06:51 - 2015-09-10 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 06:51 - 2015-09-10 09:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 06:51 - 2015-09-10 09:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 06:51 - 2015-09-10 09:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 06:51 - 2015-09-10 09:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 06:51 - 2015-09-10 09:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 06:51 - 2015-09-10 09:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 06:51 - 2015-09-10 09:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 06:51 - 2015-09-10 09:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 06:51 - 2015-09-10 09:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 06:51 - 2015-09-10 09:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 06:51 - 2015-09-10 09:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-14 06:51 - 2015-09-10 09:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 06:51 - 2015-09-10 08:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 06:51 - 2015-09-10 08:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 06:51 - 2015-09-10 08:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 06:51 - 2015-09-10 08:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 06:51 - 2015-09-10 08:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 06:51 - 2015-09-10 08:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 06:51 - 2015-09-10 08:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 06:51 - 2015-09-10 08:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 06:51 - 2015-09-10 08:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 06:51 - 2015-09-10 08:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 06:51 - 2015-07-16 11:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 06:50 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-10 08:04 - 2015-10-10 08:04 - 00000000 ____D C:\Users\Shawn\AppData\Local\Amazon_Services_LLC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-04 16:56 - 2013-09-17 22:55 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 16:53 - 2013-08-22 07:46 - 00029079 _____ C:\Windows\setupact.log
2015-11-04 16:46 - 2014-02-21 04:32 - 01238055 _____ C:\Windows\WindowsUpdate.log
2015-11-04 16:39 - 2014-07-03 16:55 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384006192-1193351791-2402037821-1001
2015-11-04 16:31 - 2014-07-03 16:52 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\clear.fi
2015-11-04 16:29 - 2014-07-03 17:40 - 00000000 __RDO C:\Users\Shawn&Stacy\SkyDrive
2015-11-04 16:27 - 2013-09-17 22:48 - 00060568 _____ C:\Windows\PFRO.log
2015-11-04 16:27 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-03 17:35 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-03 14:29 - 2014-07-05 14:02 - 00000000 ____D C:\Users\Shawn
2015-11-02 07:08 - 2014-02-21 04:48 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-01 20:20 - 2014-07-03 16:49 - 00000000 ____D C:\Users\Shawn&Stacy
2015-11-01 19:36 - 2013-09-17 23:47 - 00000000 ____D C:\Windows\Panther
2015-11-01 18:34 - 2014-07-03 16:56 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A89C9A3A-19B4-4FA1-937E-D2CB8095155A}
2015-11-01 18:28 - 2013-08-22 07:44 - 00363320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-01 18:19 - 2014-07-05 15:03 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{644AD842-6A1E-41E8-A61F-A97471BA9E31}
2015-11-01 18:14 - 2014-07-05 14:29 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384006192-1193351791-2402037821-1004
2015-11-01 18:04 - 2014-07-05 14:25 - 00000000 ____D C:\Users\Shawn\Documents\Bluetooth Folder
2015-11-01 18:03 - 2014-08-09 18:32 - 00000000 ___DO C:\Users\Shawn\OneDrive
2015-11-01 14:48 - 2014-11-24 18:18 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Skype
2015-11-01 13:54 - 2014-07-03 16:51 - 00000000 ____D C:\Users\Shawn&Stacy\Documents\Bluetooth Folder
2015-10-31 07:58 - 2015-04-16 02:40 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-10-31 07:58 - 2015-04-16 02:39 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-10-31 07:33 - 2014-07-03 16:50 - 00000000 ____D C:\ProgramData\OEM
2015-10-31 07:26 - 2014-07-05 14:25 - 00000000 ____D C:\Users\Shawn\AppData\Local\clear.fi
2015-10-31 07:17 - 2014-07-05 14:02 - 00000000 ____D C:\Users\Shawn\AppData\Local\Pokki
2015-10-31 01:25 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-26 03:29 - 2013-09-17 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-10-26 03:28 - 2015-07-22 04:20 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-10-26 03:28 - 2013-09-17 23:42 - 00000000 ___HD C:\OEM
2015-10-25 01:23 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-22 19:51 - 2014-12-11 18:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-22 19:51 - 2014-07-13 13:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-22 19:40 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-22 18:24 - 2013-09-17 23:02 - 00000000 ____D C:\Program Files (x86)\Acer
2015-10-15 02:50 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-10-14 07:16 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-14 07:00 - 2014-07-05 13:59 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 06:55 - 2014-07-05 13:59 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-10 08:04 - 2015-04-18 06:39 - 00000000 __SHD C:\Users\Shawn\AppData\Local\EmieBrowserModeList
2015-10-10 08:04 - 2014-08-21 06:24 - 00000000 __SHD C:\Users\Shawn\AppData\Local\EmieUserList
2015-10-10 08:04 - 2014-08-21 06:24 - 00000000 __SHD C:\Users\Shawn\AppData\Local\EmieSiteList
2015-10-10 08:02 - 2014-11-27 18:31 - 00000000 __SHD C:\Users\Shawn\AppData\LocalLow\EmieBrowserModeList
2015-10-10 08:02 - 2014-08-21 06:24 - 00000000 __SHD C:\Users\Shawn\AppData\LocalLow\EmieUserList
2015-10-10 08:02 - 2014-08-17 15:46 - 00000000 __SHD C:\Users\Shawn\AppData\LocalLow\EmieSiteList
2015-10-07 04:34 - 2015-04-04 15:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-05 19:25 - 2015-04-04 15:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2014-09-22 19:15 - 2014-09-22 19:15 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-21 04:57 - 2014-02-21 04:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-03 17:03 - 2014-07-03 17:03 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Shawn&Stacy\AppData\Local\Temp\3564.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\7.8.20.2-EasyShrx.Dll
C:\Users\Shawn&Stacy\AppData\Local\Temp\8202.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct1521.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct22FE.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct269A.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct2E14.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct2E6E.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct3768.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct71DE.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct7239.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct75E8.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct76A7.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct8BB3.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oct927B.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\octB778.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\octB8F7.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\octCA7D.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\octCC39.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\octE914.tmp.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\oprun2973.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Shawn&Stacy\AppData\Local\Temp\SpOrder.dll
C:\Users\Shawn&Stacy\AppData\Local\Temp\UninstallModule.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-04-16 02:40] - [2015-10-31 07:58] - 0657920 ____A (Microsoft Corporation) AB885282BC94C27A363E91A1D3CF1354

C:\Windows\SysWOW64\dnsapi.dll
[2015-04-16 02:39] - [2015-10-31 07:58] - 0498688 ____A (Microsoft Corporation) C713C83A39F881353163AC621D2FBEA3

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-24 04:28

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Shawn&Stacy (2015-11-04 17:03:52)
Running from E:\Stacy PC
Windows 8.1 (X64) (2014-07-03 23:49:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1384006192-1193351791-2402037821-500 - Administrator - Disabled)
Guest (S-1-5-21-1384006192-1193351791-2402037821-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1384006192-1193351791-2402037821-1003 - Limited - Enabled)
Shawn (S-1-5-21-1384006192-1193351791-2402037821-1004 - Limited - Enabled) => C:\Users\Shawn
Shawn&Stacy (S-1-5-21-1384006192-1193351791-2402037821-1001 - Administrator - Enabled) => C:\Users\Shawn&Stacy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer PanelOnOff (HKLM-x32\...\{55F2D48B-6022-4722-9B55-47CC4FA7DBD6}) (Version: 1.0.3.822 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3004 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3013 - Acer Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{D32B2CEB-7220-9558-DF92-787B0E715684}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOL (HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.3 - Pokki)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated)
CCScore (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
DailyWiki - DailyWiki for Desktop (HKLM-x32\...\DailyWiki) (Version: 5.4.0cm - DailyWiki)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESSBrwr (x32 Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 7.00.0000.0008 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
FlextimePlayer1.0.3 (HKLM-x32\...\{AEAC4397-9CE9-4DCE-850C-8E0AF7728DDF}) (Version: 1.0.3 - south-star)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
GamesDesktop 025.005010133 (HKLM-x32\...\gmsd_us_005010133_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Pokki) (Version: 0.269.7.698 - Pokki)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.192 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
netbrdg (x32 Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OfotoXMI (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Pokki_Start_Menu) (Version: 0.269.7.698 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{BFD96B89-B769-4CD6-B11E-E79FFD46F067}) (Version: 7.4.1.14 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Registry Cleaner version 2.0.0 (HKLM-x32\...\{B3E84B4A-ACDB-4B40-BA8A-5AD2675B8735}_is1) (Version: 2.0.0 - Wasoftware)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
SFR (x32 Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
skin0001 (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
staticcr (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
tooltips (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WIRELESS (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-10-2015 04:13:32 Scheduled Checkpoint
22-10-2015 19:38:08 Windows Update
31-10-2015 01:27:43 Scheduled Checkpoint
01-11-2015 14:57:47 Removed OnePCOptimizer.
01-11-2015 18:42:35 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02318FF0-DF16-46D3-9A4C-3B1AF3E75C00} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {064C78EB-8723-446D-AE33-FCAC638EA4E9} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6 => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.exe <==== ATTENTION
Task: {0D1E3881-F144-4D72-8D66-9EB30FEE3687} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {10A72AE7-1A25-4DAE-BE5A-37C564FD4554} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {11E3DEA9-8E3A-4D7C-9E8E-765D58B6C675} - System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330 => C:\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330\A282C480-6087-4AB1-A04A-7C7516C6330.exe [2015-10-31] () <==== ATTENTION
Task: {17511F17-937C-43E8-8E5D-B2AF1C8179C8} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {2B0CBDC2-0F0A-423B-891E-BED0825EF3CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {2B90FF25-DA06-41C1-BC94-412150ECAA58} - System32\Tasks\DGPUOYA1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-09-27] (FlashBeat) <==== ATTENTION
Task: {2DA13C03-D570-453A-870A-0D4855211503} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-10.exe <==== ATTENTION
Task: {2F8736E1-91A2-4D76-BD42-D0B88FA53A3D} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {3A374187-C67C-4EF7-BAC2-1AA82CEDAA48} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {3C6CA005-6220-4BFE-9DB6-F46B194CB55E} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5 => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: {4B9D7097-EB42-4502-AE86-9798B9475DDE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {4FC81656-989E-49A3-B41E-E553D23F29DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {51443AFA-5D49-4C0F-A2CB-75042A7EDE56} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt _RegistrationOffer@16
Task: {6042C362-59D5-4245-AAD6-4DDF8ACE0EFE} - System32\Tasks\Gelomo => C:\PROGRA~1\SHOPPE~1\Uifevfan.bat
Task: {6C05B76E-812C-47A3-9DBB-546574A95880} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-08-12] (Acer Incorporated)
Task: {6CE13A9A-CF04-49E2-AE19-67D7039423E2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {703FE3C1-2E63-4DE7-8E29-E09399DA4143} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7 => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.exe <==== ATTENTION
Task: {74D43DA1-A8B5-4CD8-B706-ACDEBF1D5E28} - System32\Tasks\SweetLabs App Platform => %LOCALAPPDATA%\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {74F4637D-B0CD-4FD7-87B2-E8C3268EC013} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: {78710094-4D08-4701-93AD-98CFE5EE564D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {7D1E590C-B816-4C65-BBEA-580C1CBB9E29} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {82CA3464-8725-4207-8B6D-1D9B3FBF3C46} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-08-26] (Acer Incorporated)
Task: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION
Task: {8DD1FD75-546E-4AF8-BB44-02BFD98B11ED} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {9307E414-2143-40D7-A6C5-861529E57DC6} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated)
Task: {AD2E9353-B0FB-46BA-9D70-457BC78B7956} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {B4063394-9776-4FAA-ABDF-EE9D892572A9} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: {BCD4D772-64BF-4C04-AC41-D5F033F40B89} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {BF11D8DA-B994-4F42-91F4-08DF5A707577} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {C3DA6889-734A-418E-A830-A911999F1D43} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {C8543B43-2872-45EC-BD11-D1602E420070} - System32\Tasks\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {CCA551B1-CC04-4C17-8B3C-87CE5ED4A5A0} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC FIX LABS LLC\Smart Security Suite\SecurityApps.exe
Task: {D5F43C43-FC2F-4990-9EDD-A654824AD4B2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer)
Task: {D8A618D9-A8F4-4B69-A788-A2A6DAB40297} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {E49C164B-1294-43C0-9318-B08E06A7965F} - System32\Tasks\F6E70F42-AA4B-47A7-9CC8-E592976436A7 => C:\Users\Shawn&Stacy\AppData\Local\F6E70F42-AA4B-47A7-9CC8-E592976436A7\F6E70F42-AA4B-47A7-9CC8-E592976436A7.exe [2015-11-01] () <==== ATTENTION
Task: {F40101A4-305F-40EF-ABF1-51EC9F3DB20C} - System32\Tasks\Inst_Rep => C:\Users\Shawn&Stacy\AppData\Local\Installer\Install_23488\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DGPUOYA1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-31 07:58 - 2015-10-31 07:31 - 00353640 _____ () C:\Windows\system32\Localadsiw64.dll
2015-11-01 14:50 - 2015-09-24 19:19 - 00185800 _____ () C:\Users\Shawn&Stacy\AppData\Local\Crsoft\crsvc.exe
2015-11-01 13:21 - 2015-11-01 13:21 - 00460800 _____ () C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp
2015-10-31 07:58 - 2015-07-08 18:26 - 00173088 _____ () C:\Users\Shawn&Stacy\AppData\Roaming\NetService\netservice.exe
2014-02-21 04:46 - 2013-05-08 10:21 - 00220672 _____ () C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
2015-10-31 07:46 - 2015-10-31 07:46 - 00624640 _____ () C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp
2013-01-29 13:28 - 2013-01-29 13:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 13:28 - 2013-01-29 13:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2013-01-29 13:28 - 2013-01-29 13:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2015-11-01 19:34 - 2015-11-01 09:19 - 03332784 _____ () C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133\upgmsd_us_005010133.exe
2013-09-25 04:04 - 2013-09-25 04:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 04:08 - 2013-09-25 04:08 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-11-01 19:33 - 2015-09-27 23:48 - 07601110 _____ () C:\Users\Public\Documents\windows.exe
2015-09-16 13:58 - 2015-09-16 13:58 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-11-01 19:34 - 2015-11-01 09:19 - 03972784 _____ () C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe
2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-10-13 11:38 - 2015-10-13 11:38 - 48673472 _____ () C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe
2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-11-04 16:29 - 2015-11-04 16:29 - 00046080 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\_socket.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 01160704 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\_ssl.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00715264 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\_hashlib.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00686080 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\unicodedata.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00010240 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\select.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00087552 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\_ctypes.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00036352 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\_tkinter.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00027136 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\pyHook._cpyHook.pyd
2015-11-04 16:29 - 2015-11-04 16:29 - 00110080 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\pywintypes27.dll
2015-11-04 16:29 - 2015-11-04 16:29 - 00358912 _____ () C:\Users\Shawn&Stacy\AppData\Local\Temp\_MEI62562\pythoncom27.dll
2008-05-10 06:33 - 2015-07-25 13:18 - 00403968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2008-05-10 06:31 - 2015-07-25 13:18 - 00258560 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2008-05-10 06:28 - 2015-07-25 13:18 - 00354816 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2008-05-10 06:27 - 2015-07-25 13:19 - 00233472 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2008-05-10 06:46 - 2015-07-25 13:18 - 00232448 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2008-05-10 06:22 - 2015-07-25 13:18 - 00086016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2008-05-10 06:47 - 2015-07-25 13:18 - 00077312 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2008-05-10 06:16 - 2015-07-25 13:18 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 09:05 - 2015-07-25 13:18 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2008-05-10 06:45 - 2015-07-25 13:18 - 00757760 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2008-05-10 07:02 - 2015-07-25 13:18 - 00675840 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2008-05-10 06:35 - 2015-07-25 13:18 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2008-05-10 06:20 - 2015-07-25 13:18 - 00128512 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2008-05-10 06:53 - 2015-07-25 13:18 - 01229312 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2008-04-14 14:30 - 2015-07-25 13:19 - 00786432 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2008-04-21 14:19 - 2015-07-25 13:19 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2008-04-21 14:20 - 2015-07-25 13:19 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2008-04-11 14:59 - 2015-07-25 13:19 - 00872448 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2008-04-21 14:19 - 2015-07-25 13:19 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2008-04-21 14:19 - 2015-07-25 13:19 - 00798720 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2008-04-21 14:20 - 2015-07-25 13:19 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2008-04-11 14:59 - 2015-07-25 13:19 - 00159744 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2008-05-10 06:24 - 2015-07-25 13:18 - 00117760 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2008-05-10 07:02 - 2015-07-25 13:18 - 00171008 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2008-05-10 06:45 - 2015-07-25 13:18 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2008-05-10 06:43 - 2015-07-25 13:19 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2008-05-10 06:20 - 2015-07-25 13:18 - 00083968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2008-05-10 03:06 - 2015-07-25 13:18 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2008-05-10 07:11 - 2015-07-25 13:18 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2008-05-10 07:00 - 2015-07-25 13:18 - 00096256 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2008-05-10 07:02 - 2015-07-25 13:18 - 00311296 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2008-05-10 06:57 - 2015-07-25 13:19 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2008-05-10 07:09 - 2015-07-25 13:18 - 00466944 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2008-05-10 06:23 - 2015-07-25 13:18 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2015-09-16 13:58 - 2015-09-16 13:58 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-10-26 03:28 - 2015-10-26 03:28 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-09-10 13:51 - 2015-09-10 13:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-09-10 13:43 - 2015-09-10 13:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FDC08722-1CE3-43A7-8B3E-17674C90EDB0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A8C9CC76-CA41-4BA4-B03F-B044DD0B5FD0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9CC9B05E-26EA-4C47-92EA-1A61051A83F3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{9473A690-5732-45D4-A9FC-CBD01F303A8D}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E0630D42-2423-4BD5-8275-30BB724CD000}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{7125DF2C-F349-46A6-BC20-267652787EDB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E81A1461-7AFA-485E-9AE2-9066743AD152}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C1A040C1-4256-4D0C-926B-4F73E66DDBE1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8E528487-F3E2-49A8-A97F-BC33E24FCEE4}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{9FC500CF-3B73-4B16-ABE2-CFBA7BA412F7}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{C301FC4B-0658-4DC1-8AA7-556450B9EC56}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{202AA06A-6CAB-4B0A-9A0F-5A1596E91CD0}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{4DF5A859-FDA5-481D-BDA4-F2988BCA12BE}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{2C363D1E-609D-4221-A45B-42C9A8B2A4B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{F9B00CA6-B2DE-43CE-B0A0-2E4BAC248D2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{05FBA20B-1510-44A4-A0AE-A96ADD124E36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{21CE6F56-3DF7-452D-8E73-ACB38475FE05}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E00451D0-E4A4-4851-A723-DE33B0A59EA3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2BAEC749-E316-4D0A-81C9-1029C89B239D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7D869259-8FCE-448C-929A-B2FFE7235083}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6927FE7F-7D0D-465B-A8BA-0E126FB317D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{EE11B56E-5151-4052-879D-1198ACC5F881}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{C91FC168-FFE3-4B00-ACD8-77397BDFE3C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{84FEE8CC-56AB-450B-A8B9-1A49B998A713}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5941C0D1-E490-4A12-A407-836C7776BFF0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{81E4E403-C6D3-45F1-B6EA-950FA4AE87F5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0FDA4A0E-0806-4F0F-B676-7B9CECA884FD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{13ABF16F-26B0-4A3E-A47B-6DEF7861595E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{453C3065-36BA-4C60-8685-1164595A6806}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B163FF3C-A75A-44DB-A2F5-49788A016FDA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{61E9EBB5-9F1C-4253-B2C9-B4743AA8922B}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{AD8F5E22-A7DC-4909-9677-2267DF0E958E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{90564819-C985-4928-8902-594999EC63C9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{DEB90374-0343-48E1-954F-F34EDB20F34A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5BE3D58C-6C81-4CE7-8DF5-E221213D1EE6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5F1E1056-A408-4C1F-9AF5-38AEEA62081F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{DEB5EE9B-2E1E-4124-9EF2-8E57AD0B49C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0574559E-471E-470D-8407-A60B89BD7A3F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{04FE7C51-55C8-405A-8BB4-07859D2B3D42}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2387A4E4-3B7D-4101-9378-41BB69A10223}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{8EDD6D65-D72A-4125-88FC-2F0C8C7E2343}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A9328F6A-14BF-4C83-A9CD-49BE14D62A58}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{454A4D09-22FB-4AFB-A81F-FBC9F0EFDA8A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{C3B367FC-DAF3-40CD-A31C-D1CA38425D9F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BAD4F667-A4C7-4B33-BB64-4EDA893D4E66}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D77DCB75-4F7B-49B7-8ECB-E5A1499015C5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{6ED13B48-2148-466D-B6AA-1FBD7B86D42E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{DF472A62-FD5F-4B4F-8828-40C647E9D8DC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{67660D8A-D492-49BD-B890-292F416F786B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{9C9AE099-E88A-4694-9322-97140236A6AD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{77269000-9E2F-432E-A13F-DFE672F6CBF5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{56BA2440-0422-45AC-B6F2-C46AFD6BBB40}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{774E5940-B399-46E3-9E5C-ACF52970FA84}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{CFE9977E-04E8-427D-9A43-D923C73E4945}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7B733AF1-69E1-4753-8FB7-7825147ABA37}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{66F0D8E1-182D-42A9-B956-3989B2EFFD2C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0AFA1073-D707-4126-8CA1-B8C211DF0911}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D89F6CD8-8381-43AC-8AA6-7B3BFC2A0307}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{610F53C8-A7C2-4245-9F39-DEA757FDEA8D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CB9CE838-C244-40E9-9B84-A9871A48E596}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{03C6B5D3-A699-404A-8626-37BC5E360A3B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{117B7D51-3FB6-4819-B213-1F37331F29FE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E0496A87-E2A7-4F70-905C-45C02BFD9ECE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{CF40DE4E-46B8-471B-B938-2AF33032457D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8D64CC98-9423-4FF8-AFD6-D1AA817BBD33}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AB2ABED2-51E0-4725-AE8F-7D300D0CEB0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{62E42CEA-0600-420C-BC43-48323FA4D665}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7B277605-FD39-4805-8357-36C7634FAF0C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{886E5149-9E3C-4E61-AD4E-09009D2DCB09}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5C60B1D5-13A4-4689-9692-1150814C14FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8E26BDB1-A14D-4963-9553-4833094F9249}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6FF37E87-89A4-414B-AF96-32975F185A15}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{03DBE48B-B50F-4714-BA97-3A50A7935A98}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{71E73B3E-E7B2-4D7B-B5C2-DBB70373A181}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6A9421A6-FA6C-443F-B675-5BCFBB031E94}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{299C46BD-7431-4E56-809A-FC714D97ED9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ECFF9172-FFBC-4969-B7A4-DEF61B53D3F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F33FAE1C-3366-4E18-96FC-B0234998151E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{566778AD-29E5-41B8-AE0A-78BA61B158ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{DB0C8778-FD09-4C42-A83A-481F633F5DB4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{1AB2E972-306F-4166-B9E1-E66699F2DC0B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F9965D8E-79E7-4809-943D-E259EE09C4B8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{85F38537-6708-4B6B-BB00-86B761E0F734}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F62EDDA9-44FE-4E4F-8606-1EA5EFD02C5B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{1CEBA387-343B-4CE2-8840-B59594A59A6E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F3C9B635-A375-4BD9-B321-F942B8424830}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7303311B-FC3D-4DFD-9F0C-D59A41BE90F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{51AE53E0-61F1-4864-AC19-9F72C253F988}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{03F5E795-4944-479A-AD8C-1B2C30A8853F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BF70BFAD-B786-4042-BB74-4FBEBDCF1D33}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D8A8E519-0761-45EF-AA32-2A2D52F5D6A1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{B1A72CC4-84B8-472C-80F4-2F942DD627AC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F461EEA5-01E5-4FB4-976E-405E6C31B0E6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{626A605A-3D65-45DA-A034-AD3F3F34BC21}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F7F2269B-E6D5-4721-A5D1-1765CB851D7C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FD00FE4E-48E4-4352-B975-89504D1420BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{78DB12C1-261E-4B6B-B24E-742FCCD068BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A706ED69-CE81-42F6-A0FC-897412615BA4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C3411C12-EDD5-43DC-843B-35F741B08A66}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1CF671F7-82E6-4D6B-8A5D-8BA86433A28A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E106F08A-0BD0-4E2C-8313-1217C272028D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C7C0C084-0FB3-4210-9FB5-D6DE6D634EDF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4BE1A93F-0CD4-4925-AB12-039D982118DB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C8E84A9E-C1D2-4BFD-89C5-5DBB4C69F3A6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{20FDBB2D-B9CF-4980-8A8F-6FF8A5506CD5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{04C9CAE2-56DF-43A3-9A32-8CF1B3D0C237}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1EA50A95-4DA7-4952-83B6-6E43252AA22B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ABA2CE47-2545-4121-AA0B-FE2F143706D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25F2F857-D51E-4A8A-A3C8-C461E639B02D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{20BC9CAB-9986-4E48-8A0C-565FC019D9E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{6F5AF227-688B-45C4-A811-60FCF5C29999}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A862BCD2-0FF1-433B-8933-D81D5D3BA206}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0025F073-D5EC-4774-8612-2545A7B5A334}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{76B5E072-A2D3-4C95-BD51-76F099D51E4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2E03FB6E-A4FA-47FB-AC97-975CFB4F38FB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9032C42E-5A38-49BF-881D-676A92B725A8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F2272D03-573E-412A-822D-F139B1226407}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1D2EB9BA-7779-4A46-88E2-9DA362DF0F7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1CB22CFF-53E8-4138-AEB2-0E331E7784A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{33211C01-5A0E-4A20-88F5-E5C1BEB7A9AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16DAE5B9-E3D6-45F6-80DD-8A855652E0EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{69323F96-6C59-4D4F-BF06-D02E9269E839}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A3DFBE88-8A7A-4CA2-9982-91ADF4D96F85}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{90A4E74B-D9E3-465C-BE35-6621A0FD4B5F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5E5AAAC3-4C19-4E19-93A5-1502E067D7EB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{68E027E2-61DE-4766-99CD-A8CB49EFD204}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{3C7411D1-606C-4FBB-8234-027EC658EAE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FFE71EB-F8B7-47DF-B105-B92B87619739}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{02E6DF8F-5B79-4384-A54E-4D78B73F3505}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7341C4A2-2128-4BC1-84DD-77093EB03B27}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{23DAD63D-15AE-42EB-BECD-136B2FF6E8BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A670BF28-5E94-476A-8707-F856CE18406C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9FE19220-E52A-4F7B-B3A2-2D69654D2A50}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{2BEC4DBB-B753-4B2A-A150-1536F62E0E1A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1FA42D8D-BFA4-4451-A4E1-B881BB676069}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{95800EEE-986B-42DF-B1B5-099AE79956D7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1BFFDCC8-3BFC-475F-8D33-015B29D96E7C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{02194DA1-9AB5-4AEC-8291-F6BB6794DC42}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9A2F763-E9A2-42C0-8939-356C1B610C72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C261352-F8A7-4DE5-B66C-12910B26E47D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7146937E-95DD-484B-93A9-50C65EF07D33}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7FEBBFCE-460F-4C38-9FD0-85AF766B1119}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{024E45A1-5550-493C-8F83-9B53F45FFFEE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A7B78BCF-43FA-4E80-A838-FEF9DA16E6C6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F3A871E7-7569-4762-A9DC-70CD15BA8C96}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B513B862-BEC0-4ED8-A5FA-D0C5C7981BB7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B0C5F174-50AA-43A9-95B5-6BB78280193C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F2C0A3E8-75AD-410A-ABCB-7798E3FF2E42}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{38F01295-BCB0-4224-8103-8246380EC731}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CC091AF8-6963-4865-8B4D-CBA517245B3F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A6C0B69C-C24A-414F-AD74-D2C2441359BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ED663DD5-5A60-46F2-AB79-B3B003B0A553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FCD53B2C-FD79-41AA-8B38-E28744714A53}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0651F5BA-A002-4821-932E-4F1CBA7712EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7D53EE8B-A817-4743-A226-FD71A91D27AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9B874862-8B7C-4F44-A33C-9AA8667F0A59}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2AAE2669-E12D-44E7-B70D-DA39A4377E34}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{41EF63AF-6B12-4C95-983A-1A0CE5558D68}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7CA6D470-9E4B-4199-B1C0-15ABAF0B2722}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{12BFA713-448E-4FB1-87BA-70059278582F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{615FD2A4-B496-4909-A46D-35E57EFC6435}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6A127BC7-C0AB-476B-BEDC-377BDE624D71}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{88AED184-DFD1-40EC-B6B0-A9BC4EC1CA70}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C6086823-84A8-4F87-BFFE-B0786A56EC93}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{359B54E1-B798-4CD1-A861-442AEB9DE97C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CA0DF8C6-AE74-4B3F-B7F2-543828AEB300}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{41EAB6F4-05D6-4689-9F7E-759A23383848}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1B0E947D-1F85-40CE-8432-93530CE29317}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BD4B928C-664D-4F90-B7AE-2C3186A4D6DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{98598C46-F9D0-4537-BF94-C28C5511DF04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C1D04AD4-DF5F-4AAF-9EDE-2A03CA7F8F21}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DEBE1939-B4D6-43FB-A4E5-4C6384A06AA0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D7E405FA-FCD7-469E-8612-8E9714997783}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B666650D-E46C-4591-93A7-B68BE1397A75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{69ECE65C-CDAC-47B4-8EA8-BE5264BC35A2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B7C4EB87-F37A-46F2-A048-36D4120F6F23}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{806B0F53-7806-4B46-A0D2-9EB26A505D39}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E3945EB2-1C22-43C8-948F-56D528E41894}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9B3816D1-C0AF-47CC-B4E6-D97382E20FBE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{126318BB-9B47-4496-8F8D-12F7F9BD3488}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A50C592F-2C04-4C5A-B839-C64172A8FE23}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{08CB5100-2E61-4908-8270-07A1C6509E24}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{05C8863A-A219-40A7-8E50-CCA79B78177D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0710B92F-910A-4A4C-A396-5688B523DEFF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{30D04AB3-E532-4AAB-BC6C-6739FFA842DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C24DFBB0-96AB-4D57-A23F-EBDEBE65EA60}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{67D749A0-A59B-4F36-8B85-DD5DCB688222}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B0D72BDD-C2E1-4B03-B404-9A732A8801BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B2DCE348-9540-4E2B-A662-F927939A5D2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{18F41886-2915-4A0F-A809-7F4818F3C853}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3FBC5380-F26B-4FF5-9AC9-1B3EF3D23D37}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C1A961C-B8E3-43B7-8433-8799347FBE7C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{139E4300-A6F8-4039-895D-23C2C3C5586F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{189F6B5F-0028-4AB8-99BA-BD78540450F2}] => (Allow) C:\Users\Shawn&Stacy\AppData\Local\BrowserAir\Application\BrowserAir.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 04:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x55e96721
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x910
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/04/2015 04:29:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at demoforupdaterwindow.App.Main()

Error: (11/04/2015 04:29:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x5628d0db
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x180c
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/04/2015 04:29:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
Stack:

Server stack trace:
   at System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod(Boolean bThrowIfNotResolved)
   at System.Runtime.Remoting.Messaging.MethodCall..ctor(Object handlerObject, BinaryMethodCallMessage smuggledMsg)
   at System.Runtime.Serialization.Formatters.Binary.BinaryMethodCall.ReadArray(Object[] callA, Object handlerObject)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at demoforupdaterwindow.App.Main()

Error: (11/04/2015 04:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xd04
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (11/03/2015 02:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x55e96721
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x6d4
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/03/2015 02:06:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at demoforupdaterwindow.App.Main()

Error: (11/03/2015 02:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0x1024
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (11/03/2015 02:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x5628d0db
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x1074
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/03/2015 02:05:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
Stack:

Server stack trace:
   at System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod(Boolean bThrowIfNotResolved)
   at System.Runtime.Remoting.Messaging.MethodCall..ctor(Object handlerObject, BinaryMethodCallMessage smuggledMsg)
   at System.Runtime.Serialization.Formatters.Binary.BinaryMethodCall.ReadArray(Object[] callA, Object handlerObject)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at demoforupdaterwindow.App.Main()

System errors:
=============
Error: (11/03/2015 05:34:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 05:30:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 05:20:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 05:10:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 05:00:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 04:50:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 04:40:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 04:30:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 04:20:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/03/2015 04:10:18 PM) (Source: DCOM) (EventID: 10005) (User: HOMECOMPUTER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

CodeIntegrity:
===================================
  Date: 2015-11-01 13:18:28.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:18:28.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:14:06.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:14:05.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:09:43.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:09:42.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:07:16.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:07:15.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:05:33.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:05:32.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 3516.92 MB
Available physical RAM: 1965.54 MB
Total Virtual: 4668.92 MB
Available Virtual: 2565.42 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.63 GB) (Free:398.14 GB) NTFS
Drive e: (Voyager) (Removable) (Total:15.12 GB) (Free:15.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A96AE5F6)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Please let me know if there is anything additional I can provide and thanks in advance,

Rob

 


  • 0



#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello RobkBriggs and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • I am UK based so there may be a difference in time zones on replies.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I need a little time to analyse your logs and will get back to you as soon as possible with a fix. :)

  • 0

#3
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

No worries, I completely understand. Thank you for taking the time to help.


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Robkbriggs

The file dnsapi.dll has been compromised so I would like you to do a search first for this file on your machine.

Step1 - Search for files using FRST
  • Right click on the file FRST64.exe and select Run as administrator. You should see the following screen.
    FRST%20fix%20screenshot_zpsduwxbgjn.jpg
  • The tool will check for any updates. Allow it to do so until the message tool is ready for use is displayed.
  • Copy and paste the following into the search box (ignoring the word quote):

    dnsapi.dll

  • Click on the Search Files button.
  • When the search completes notepad will open and a search report will be displayed on the screen.
  • Please copy and paste this in your next reply.

  • 0

#5
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Hello,

Below are the results;

 

Search.txt

 

Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Shawn&Stacy (2015-11-08 18:37:03)
Running from E:\Stacy PC
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-04-16 02:39][2014-10-28 18:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll
[2014-07-10 11:59][2015-04-24 19:53] 0106819 ____A () 8352637D2731E59DD15E7D8DA9E2A1A0 [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_90de9f412b4d9e7f\dnsapi.dll
[2014-07-04 13:30][2014-07-28 20:53] 0084987 ____A () 86CAF33E26CDDF3A2AC01D99456BD74C [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_909ebe1d2b7d6255\dnsapi.dll
[2013-08-21 19:55][2014-07-28 20:53] 0088262 ____A () D2075C385F63E652354933ABC969619F [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-04-16 02:40][2014-10-28 18:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-07-10 11:59][2015-04-23 06:04] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_8689f4eef6ecdc84\dnsapi.dll
[2014-07-04 13:30][2014-07-25 17:23] 0116405 ____A () D97A9913EAA1898611CF0DEFDED34FD4 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_864a13caf71ca05a\dnsapi.dll
[2013-08-22 03:06][2014-07-25 17:23] 0115413 ____A () EE6EFF218640DF73E027876E2822ECD7 [File not signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-04-16 02:39][2015-10-31 07:58] 0498688 ____A (Microsoft Corporation) C713C83A39F881353163AC621D2FBEA3 [File not signed]
 
C:\Windows\System32\dnsapi.dll
[2015-04-16 02:40][2015-10-31 07:58] 0657920 ____A (Microsoft Corporation) AB885282BC94C27A363E91A1D3CF1354 [File not signed]
 
====

  • 0
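Added example (not part of the original thread and not FRST's own code): a small Python parser for the Search.txt format posted above that compares the live System32/SysWOW64 copies of a file against the signed copies in the WinSxS component store. The function and class names are hypothetical; the sample entries are copied from the post above.

```python
import re
from dataclasses import dataclass

# Sample input: five entries copied from the Search.txt posted above.
SEARCH_TXT = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-04-16 02:39][2014-10-28 18:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-04-16 02:40][2014-10-28 18:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-07-10 11:59][2015-04-23 06:04] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15 [File not signed]

C:\Windows\SysWOW64\dnsapi.dll
[2015-04-16 02:39][2015-10-31 07:58] 0498688 ____A (Microsoft Corporation) C713C83A39F881353163AC621D2FBEA3 [File not signed]

C:\Windows\System32\dnsapi.dll
[2015-04-16 02:40][2015-10-31 07:58] 0657920 ____A (Microsoft Corporation) AB885282BC94C27A363E91A1D3CF1354 [File not signed]
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# [timestamp][timestamp] size attributes (company) MD5 [signature status]
META_LINE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\]\[(?P<ts2>[^\]]+)\]\s+(?P<size>\d+)\s+(?P<attr>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)


@dataclass
class Entry:
    path: str
    stamps: tuple
    size: int
    company: str
    md5: str
    signed: bool


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            path = line
            continue
        m = META_LINE.match(line)
        if m and path:
            entries.append(Entry(
                path=path,
                stamps=(m["ts1"], m["ts2"]),
                size=int(m["size"]),
                company=m["company"],
                md5=m["md5"].upper(),
                signed=(m["sig"] == "File is digitally signed"),
            ))
            path = None
    return entries


def in_component_store(entry):
    return "\\winsxs\\" in entry.path.lower()


def suspicious_live_copies(entries):
    """Return (entry, reasons) for live copies that look tampered with.

    A live copy is any hit outside WinSxS. It is reported when it is
    unsigned, or when a signed store copy of the same size exists but
    the MD5 does not match it.
    """
    signed_store = {}
    for e in entries:
        if in_component_store(e) and e.signed:
            signed_store.setdefault(e.size, set()).add(e.md5)

    findings = []
    for e in entries:
        if in_component_store(e):
            continue
        reasons = []
        if not e.signed:
            reasons.append("not signed")
        if e.size in signed_store and e.md5 not in signed_store[e.size]:
            reasons.append("MD5 differs from signed WinSxS copy of the same size")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in suspicious_live_copies(parse_search(SEARCH_TXT)):
        print(f"{entry.path} (last stamp {entry.stamps[1]}): {'; '.join(reasons)}")
```

On this log both live copies are reported: each has the size of a signed store copy but a different MD5 and no signature.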

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi RobkBriggs

I haven't forgotten about you. I have a fix awaiting approval with my instructor but they are unavailable at present - we are all volunteers. :)

As soon as it's ready I'll get back to you.

Thanks
  • 0

#7
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

No worries,

I understand that you are volunteers, so I am appreciative of whatever time you can spend on this.


  • 0

#8
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Robkbriggs

Thanks for the information.

First a bit of advice

Without knowing the full extent of what the bogus technician was doing there is a high risk to your system. I would recommend:
  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would also be wise to inform financial institutions about your situation - See Here.

    Many experts believe that the best action should be reformat and reinstall.
  • If you plan to rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, just please proceed with the next steps.


    Step1 - Move FRST to the Desktop


    I noticed that you run FRST64.exe from a removable Drive. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.


    Step2 - Remove unwanted programs

    Please uninstall the following unwanted programs:

    Acer Games
    AOL
    FlashBeat
    GamesDesktop 025.005010133
    Host App Service
    Pokki Start Menu
    Registry Cleaner version 2.0.0
    Setup
    Shopper-Pro



    Note: If any of the programs are not listed, proceed to the next one and work through the list.

    To do this:
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.
  • Repeat the above steps for all the other programs to remove.


    Step3 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop. Attached File: fixlist.txt (18.5KB, 273 downloads)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Things for your next post:
  • Any issues with uninstalling the programs?
  • fixlog.txt
  • How is the computer running now?

  • 0

#9
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

I will ask the user if she would prefer to reformat the PC, but for right now I would like to continue along the path of getting it cleaned. She had mentioned trying to update it to Windows 10, and I don't think she would lose much off of it. However, I would rather not do it without her consent. One thing I would be concerned with is losing pre-installed programs that she might not have backup or restore disks for.

 

I have moved FRST64.exe to the desktop. The PC has been disconnected from the internet since it was brought to me, thus why everything is being transferred via USB Drive.

 

Program Uninstallation;

 

Acer Games - It gave a message that the program had already been uninstalled.

AOL -  Uninstalled without incident.
FlashBeat - Says uninstall was completed, however the program remains in the programs and features list.

GamesDesktop 025.005010133 - Uninstalled without incident.
Host App Service - Uninstalled without incident.
Pokki Start Menu - Was no longer listed after uninstalling host app service.
Registry Cleaner version 2.0.0 - Uninstall hung for a very long time with no activity. After a reboot it was still listed. Seemed to uninstall fine after a reboot.
Setup - Was not listed.
Shopper-Pro - Message reads the uninstall process has been interrupted, possibly by a conflicting process or lack of internet connection.

 

Should I go ahead and run the script, or should we try to get these programs off the PC first? I have also noticed two messages that come up upon reboot. Would you like me to include them or a screen shot of them?


  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi RobkBriggs

Go ahead and run the script.

After you have run the script and the system has rebooted, if the messages still persist then please post screenshots. :)
  • 0



#11
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Hello,

I ran the fix, here is the frstlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Shawn&Stacy (2015-11-11 15:39:43) Run:1
Running from C:\Users\Shawn&Stacy\Desktop
Loaded Profiles: Shawn&Stacy (Available Profiles: Shawn&Stacy & Shawn & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
() C:\Users\Shawn&Stacy\AppData\Local\Crsoft\crsvc.exe
() C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp
() C:\Users\Shawn&Stacy\AppData\Roaming\NetService\netservice.exe
() C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133\upgmsd_us_005010133.exe
() C:\Users\Public\Documents\windows.exe
() C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe
() C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [gmsd_us_005010132] => [X]
HKLM-x32\...\Run: [gmsd_us_005010133] => C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe [3972784 2015-11-01] ()
HKLM-x32\...\Run: [DailyWiki] => C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe [48673472 2015-10-13] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010133.exe] => C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133\upgmsd_us_005010133.exe [3332784 2015-11-01] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-09-04] ()
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Wixkv] => C:\ProgramData\DataFile\DV.exe [283648 2015-11-01] ()
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [7601110 2015-09-27] ()
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\MountPoints2: {d7cfe58a-9aea-11e3-8250-806e6f6e6963} - "D:\Setup.exe"
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [989696 2015-09-27] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [755200 2015-09-27] (FlashBeat)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> DefaultScope {FC657D0B-7E98-44D7-B45D-496A95A05471} URL = hxxp://www-searching.com/search.aspx?s=FB1ztutbl011,27728558-f312-4ba6-87db-f8177ba16063&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {30E9E740-D162-11E4-8278-28E347809B30} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {7817E5E7-AA31-11E4-8273-28E347809B30} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {FC657D0B-7E98-44D7-B45D-496A95A05471} URL = hxxp://www-searching.com/search.aspx?s=FB1ztutbl011,27728558-f312-4ba6-87db-f8177ba16063&site=shyosie&prd=set&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=sunadusv3&uid=S2ANG3CL_ST500DM002-1BD142&tm=1446414608
FF HKLM\...\Firefox\Extensions: [{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}] - C:\Program Files\shopperz311020151629\Firefox\{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}] - C:\Program Files\shopperz311020151629\Firefox\{9DBE6922-419B-4936-84AE-4D1FE3A06BAC}.xpi => not found
R2 Crashhd; C:\Users\Shawn&Stacy\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] () [File not signed]
R2 jofoqyze; C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp [460800 2015-11-01] () [File not signed]
R2 NetTcpHandler; C:\Users\Shawn&Stacy\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 qymylofy; C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp [624640 2015-10-31] () [File not signed]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-27] (ShopperPro)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-10-31] (Windows ® Win 7 DDK provider)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-27] ()
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]
2015-11-01 19:34 - 2015-11-04 16:32 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133
2015-11-01 19:33 - 2015-11-04 16:30 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\DailyWiki
2015-11-01 19:33 - 2015-11-01 19:34 - 00001360 _____ C:\Windows\unins000.dat
2015-11-01 19:33 - 2015-11-01 19:33 - 00929953 _____ C:\Windows\unins000.exe
2015-11-01 19:33 - 2015-11-01 19:33 - 00004272 _____ C:\Windows\System32\Tasks\F6E70F42-AA4B-47A7-9CC8-E592976436A7
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyWiki
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\F6E70F42-AA4B-47A7-9CC8-E592976436A7
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Program Files (x86)\MyRegCleaner
2015-11-01 19:33 - 2015-11-01 19:33 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V01.11
2015-11-01 19:33 - 2015-09-27 23:48 - 07601110 _____ C:\Users\Public\Documents\windows.exe
2015-11-01 18:07 - 2015-11-01 18:21 - 00000000 ____D C:\Users\Shawn\AppData\Local\WebBar
2015-11-01 18:04 - 2015-11-01 18:04 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\PCAcceleratePro
2015-11-01 18:04 - 2015-11-01 18:04 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\InstantSupport
2015-11-01 15:17 - 2015-11-01 15:17 - 00000008 _____ C:\END
2015-11-01 15:14 - 2015-11-01 18:32 - 00003790 _____ C:\Windows\System32\Tasks\SecurityApps2
2015-11-01 15:13 - 2015-11-01 19:34 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010133
2015-11-01 15:13 - 2015-11-01 15:13 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-11-01 14:50 - 2015-11-01 14:50 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\shortCutStore
2015-11-01 14:50 - 2015-11-01 14:50 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Crsoft
2015-11-01 14:45 - 2015-11-01 14:45 - 00000000 ____D C:\ProgramData\Radio
2015-11-01 13:48 - 2015-11-01 13:48 - 00002393 _____ C:\Users\Shawn&Stacy\Desktop\BrowserAir.lnk
2015-11-01 13:48 - 2015-11-01 13:48 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-11-01 13:47 - 2015-11-01 13:48 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\BrowserAir
2015-11-01 13:47 - 2015-11-01 13:47 - 00004282 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a
2015-11-01 13:47 - 2015-11-01 13:47 - 00000000 ____D C:\ProgramData\ShopperPro
2015-11-01 13:46 - 2015-11-01 13:47 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-11-01 13:46 - 2015-11-01 13:47 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-11-01 13:46 - 2015-11-01 13:46 - 00004430 _____ C:\Windows\System32\Tasks\Installer_smknnodesk
2015-11-01 13:46 - 2015-11-01 13:46 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-11-01 11:55 - 2015-11-01 11:55 - 00000000 ____D C:\Users\Shawn\AppData\Local\TVTime
2015-11-01 11:54 - 2015-11-01 11:54 - 00000000 ____D C:\ProgramData\Browser
2015-10-31 08:04 - 2015-11-04 16:34 - 00000000 ____D C:\ProgramData\Ruwsiawi
2015-10-31 08:02 - 2015-10-31 08:02 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-10-31 08:01 - 2015-10-31 08:01 - 00004228 _____ C:\Windows\System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330
2015-10-31 08:01 - 2015-10-31 08:01 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330
C:\Windows\Tasks\f52*.job
2015-10-31 08:00 - 2015-10-31 08:00 - 00006184 _____ C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7
2015-10-31 08:00 - 2015-10-31 08:00 - 00006184 _____ C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6
2015-10-31 08:00 - 2015-10-31 08:00 - 00005492 _____ C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5
2015-10-31 08:00 - 2015-10-31 08:00 - 00003620 _____ C:\Windows\System32\Tasks\GoogleUp
2015-10-31 08:00 - 2015-10-31 08:00 - 00003612 _____ C:\Windows\System32\Tasks\import
2015-10-31 08:00 - 2015-10-31 08:00 - 00003610 _____ C:\Windows\System32\Tasks\impo
2015-10-31 08:00 - 2015-10-31 08:00 - 00003502 _____ C:\Windows\System32\Tasks\Googleuptodate
2015-10-31 08:00 - 2015-10-31 08:00 - 00003494 _____ C:\Windows\System32\Tasks\MyDailyBackup
2015-10-31 08:00 - 2015-10-31 08:00 - 00003490 _____ C:\Windows\System32\Tasks\win
2015-10-31 08:00 - 2015-10-31 08:00 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\dlg
2015-10-31 08:00 - 2015-10-31 08:00 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V31.10
2015-10-31 07:59 - 2015-11-01 18:32 - 00000000 ____D C:\ProgramData\DataFile
2015-10-31 07:58 - 2015-11-01 14:50 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\RunDir
2015-10-31 07:58 - 2015-11-01 14:40 - 00004792 _____ C:\Windows\SysWOW64\Localadsiw.ini
2015-10-31 07:58 - 2015-11-01 14:40 - 00002504 _____ C:\Windows\SysWOW64\LocaladsiwOff.ini
2015-10-31 07:58 - 2015-11-01 14:40 - 00002504 _____ C:\Windows\system32\LocaladsiwOff.ini
2015-10-31 07:58 - 2015-10-31 07:58 - 00003362 _____ C:\Windows\System32\Tasks\Gelomo
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Windows\system32\sek
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\ortmp
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\NetService
2015-10-31 07:58 - 2015-10-31 07:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Tempfolder
2015-10-31 07:58 - 2015-10-31 07:31 - 00353640 _____ C:\Windows\system32\Localadsiw64.dll
2015-10-31 07:58 - 2015-10-31 07:30 - 00283496 _____ C:\Windows\SysWOW64\Localadsiw.dll
2015-10-31 07:57 - 2015-11-01 15:01 - 00000000 ____D C:\Program Files\shopperz311020151629
2015-10-31 07:57 - 2015-10-31 07:57 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\LocalLow\Company
2015-10-31 07:57 - 2015-10-31 07:57 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-10-31 07:57 - 2015-10-31 07:57 - 00000000 ____D C:\uninst
2015-10-31 07:56 - 2015-11-04 16:29 - 00000368 _____ C:\Windows\Tasks\DGPUOYA1.job
2015-10-31 07:56 - 2015-10-31 07:56 - 00002890 _____ C:\Windows\System32\Tasks\DGPUOYA1
2015-10-31 07:56 - 2015-10-31 07:56 - 00000000 ____D C:\ProgramData\Service1291
2015-10-31 07:56 - 2015-10-31 07:56 - 00000000 ____D C:\ProgramData\FlashBeat
2015-10-31 07:56 - 2015-10-31 07:56 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-10-31 07:46 - 2015-11-01 14:44 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7
2015-10-31 07:45 - 2015-11-01 13:55 - 00000000 ____D C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7
2015-10-31 07:45 - 2015-10-31 07:45 - 00000000 ____D C:\Users\Shawn&Stacy\Documents\DailyPCClean
2015-10-31 07:44 - 2015-11-01 14:56 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-10-31 07:43 - 2015-11-01 15:22 - 00000158 _____ C:\prefs.js
2015-10-31 07:43 - 2015-10-31 07:43 - 00000000 ____D C:\searchplugins
2015-10-31 07:42 - 2015-11-01 14:39 - 00002976 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-31 07:42 - 2015-11-01 14:39 - 00002976 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-10-31 07:42 - 2015-10-31 07:42 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-10-31 07:42 - 2015-10-31 07:42 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-10-31 07:42 - 2015-10-31 07:42 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-10-31 07:32 - 2015-10-31 07:57 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2015-10-31 07:16 - 2015-10-31 07:17 - 00003286 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2015-10-31 07:16 - 2015-10-31 07:16 - 00000000 ____D C:\Users\Shawn\AppData\Local\SweetLabs App Platform
2015-10-31 07:17 - 2014-07-05 14:02 - 00000000 ____D C:\Users\Shawn\AppData\Local\Pokki
2014-02-21 04:57 - 2014-02-21 04:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {02318FF0-DF16-46D3-9A4C-3B1AF3E75C00} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {064C78EB-8723-446D-AE33-FCAC638EA4E9} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6 => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.exe <==== ATTENTION
Task: {11E3DEA9-8E3A-4D7C-9E8E-765D58B6C675} - System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330 => C:\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330\A282C480-6087-4AB1-A04A-7C7516C6330.exe [2015-10-31] () <==== ATTENTION
Task: {0D1E3881-F144-4D72-8D66-9EB30FEE3687} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {10A72AE7-1A25-4DAE-BE5A-37C564FD4554} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {11E3DEA9-8E3A-4D7C-9E8E-765D58B6C675} - System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330 => C:\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330\A282C480-6087-4AB1-A04A-7C7516C6330.exe [2015-10-31] () <==== ATTENTION
Task: {2B90FF25-DA06-41C1-BC94-412150ECAA58} - System32\Tasks\DGPUOYA1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-09-27] (FlashBeat) <==== ATTENTION
Task: {2DA13C03-D570-453A-870A-0D4855211503} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-10.exe <==== ATTENTION
Task: {2F8736E1-91A2-4D76-BD42-D0B88FA53A3D} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {3C6CA005-6220-4BFE-9DB6-F46B194CB55E} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5 => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: {6042C362-59D5-4245-AAD6-4DDF8ACE0EFE} - System32\Tasks\Gelomo => C:\PROGRA~1\SHOPPE~1\Uifevfan.bat
Task: {703FE3C1-2E63-4DE7-8E29-E09399DA4143} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7 => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.exe <==== ATTENTION
Task: {74D43DA1-A8B5-4CD8-B706-ACDEBF1D5E28} - System32\Tasks\SweetLabs App Platform => %LOCALAPPDATA%\Pokki\Engine\ServiceHostAppUpdater.exe
ask: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION
Task: {8DD1FD75-546E-4AF8-BB44-02BFD98B11ED} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {B4063394-9776-4FAA-ABDF-EE9D892572A9} - System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: {C3DA6889-734A-418E-A830-A911999F1D43} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {C8543B43-2872-45EC-BD11-D1602E420070} - System32\Tasks\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {E49C164B-1294-43C0-9318-B08E06A7965F} - System32\Tasks\F6E70F42-AA4B-47A7-9CC8-E592976436A7 => C:\Users\Shawn&Stacy\AppData\Local\F6E70F42-AA4B-47A7-9CC8-E592976436A7\F6E70F42-AA4B-47A7-9CC8-E592976436A7.exe [2015-11-01] () <==== ATTENTION
Task: {F40101A4-305F-40EF-ABF1-51EC9F3DB20C} - System32\Tasks\Inst_Rep => C:\Users\Shawn&Stacy\AppData\Local\Installer\Install_23488\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION
Task: C:\Windows\Tasks\DGPUOYA1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user.job => C:\Program Files (x86)\CinePlus-1.44V31.10\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.exe <==== ATTENTION
Task: {CCA551B1-CC04-4C17-8B3C-87CE5ED4A5A0} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC FIX LABS LLC\Smart Security Suite\SecurityApps.exe
D:\Setup.exe
C:\Program Files (x86)\PC FIX LABS LLC
C:\Program Files\SpaceSoundPro
CMD: sfc /scanfile=c:\windows\system32\dnsapi.dll
CMD: sfc /scanfile=c:\windows\syswow64\dnsapi.dll
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: netsh winsock reset
Hosts:
EmptyTemp:
 
*****************
 
Restore point was successfully created.
[1916] C:\Users\Shawn&Stacy\AppData\Local\Crsoft\crsvc.exe => process closed successfully.
[2008] C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp => process closed successfully.
[2148] C:\Users\Shawn&Stacy\AppData\Roaming\NetService\netservice.exe => process closed successfully.
[2248] C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp => process closed successfully.
[2804] C:\Program Files\Common Files\ShopperPro\spbiu.exe => process closed successfully.
[5348] C:\ProgramData\FlashBeat\FlashBeat.exe => process closed successfully.
C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133\upgmsd_us_005010133.exe => No running process found
[6452] C:\Users\Public\Documents\windows.exe => process closed successfully.
C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe => No running process found
[6428] C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki\DailyWiki.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010132 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010133 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DailyWiki => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_005010133.exe => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DV => value removed successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Wixkv => value removed successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Application => value removed successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff => value removed successfully
"HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7cfe58a-9aea-11e3-8250-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{d7cfe58a-9aea-11e3-8250-806e6f6e6963} => key not found. 
"C:\ProgramData\FlashBeat\FlashBeat64.dll" => Value data removed successfully.
"C:\ProgramData\FlashBeat\FlashBeat32.dll" => Value data removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30E9E740-D162-11E4-8278-28E347809B30}" => key removed successfully
HKCR\CLSID\{30E9E740-D162-11E4-8278-28E347809B30} => key not found. 
"HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7817E5E7-AA31-11E4-8273-28E347809B30}" => key removed successfully
HKCR\CLSID\{7817E5E7-AA31-11E4-8273-28E347809B30} => key not found. 
"HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
"HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC657D0B-7E98-44D7-B45D-496A95A05471}" => key removed successfully
HKCR\CLSID\{FC657D0B-7E98-44D7-B45D-496A95A05471} => key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{9DBE6922-419B-4936-84AE-4D1FE3A06BAC} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{9DBE6922-419B-4936-84AE-4D1FE3A06BAC} => value removed successfully
Crashhd => service removed successfully
jofoqyze => service removed successfully
NetTcpHandler => service removed successfully
qymylofy => service removed successfully
SPBIUpd => service removed successfully
cherimoya => Unable to stop service.
cherimoya => service removed successfully
SPBIUpdd => Unable to stop service.
SPBIUpdd => service removed successfully
cpuz136 => Unable to stop service.
cpuz136 => service removed successfully
swsedrvr_vw_1_10_0_25 => service removed successfully
"C:\Users\Shawn&Stacy\AppData\Local\gmsd_us_005010133" => not found.
C:\Users\Shawn&Stacy\AppData\Local\DailyWiki => moved successfully
"C:\Windows\unins000.dat" => not found.
"C:\Windows\unins000.exe" => not found.
C:\Windows\System32\Tasks\F6E70F42-AA4B-47A7-9CC8-E592976436A7 => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyWiki => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\DailyWiki => moved successfully
C:\Users\Shawn&Stacy\AppData\Local\F6E70F42-AA4B-47A7-9CC8-E592976436A7 => moved successfully
"C:\Program Files (x86)\MyRegCleaner" => not found.
C:\Program Files (x86)\CinePlus-1.44V01.11 => moved successfully
Could not move "C:\Users\Public\Documents\windows.exe" => Scheduled to move on reboot.
C:\Users\Shawn\AppData\Local\WebBar => moved successfully
C:\Users\Shawn\AppData\Roaming\PCAcceleratePro => moved successfully
C:\Users\Shawn\AppData\Roaming\InstantSupport => moved successfully
C:\END => moved successfully
C:\Windows\System32\Tasks\SecurityApps2 => moved successfully
"C:\Program Files (x86)\gmsd_us_005010133" => not found.
C:\Program Files (x86)\PCAPDownloader => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\shortCutStore => moved successfully
C:\Users\Shawn&Stacy\AppData\Local\Crsoft => moved successfully
C:\ProgramData\Radio => moved successfully
C:\Users\Shawn&Stacy\Desktop\BrowserAir.lnk => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir => moved successfully
C:\Users\Shawn&Stacy\AppData\Local\BrowserAir => moved successfully
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a => moved successfully
C:\ProgramData\ShopperPro => moved successfully
C:\Program Files\Common Files\ShopperPro => moved successfully
C:\Program Files (x86)\ShopperPro => moved successfully
C:\Windows\System32\Tasks\Installer_smknnodesk => moved successfully
C:\Users\Public\Documents\ShopperPro => moved successfully
C:\Users\Shawn\AppData\Local\TVTime => moved successfully
C:\ProgramData\Browser => moved successfully
C:\ProgramData\Ruwsiawi => moved successfully
C:\Program Files (x86)\Crossbrowse => moved successfully
C:\Windows\System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330 => moved successfully
C:\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330 => moved successfully
 
=========== "C:\Windows\Tasks\f52*.job" ==========
 
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.job => moved successfully
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.job => moved successfully
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user.job => moved successfully
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.job => moved successfully
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user.job => moved successfully
 
========= End -> "C:\Windows\Tasks\f52*.job" ========
 
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7 => moved successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6 => moved successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5 => moved successfully
C:\Windows\System32\Tasks\GoogleUp => moved successfully
C:\Windows\System32\Tasks\import => moved successfully
C:\Windows\System32\Tasks\impo => moved successfully
C:\Windows\System32\Tasks\Googleuptodate => moved successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
C:\Windows\System32\Tasks\win => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\dlg => moved successfully
C:\Program Files (x86)\CinePlus-1.44V31.10 => moved successfully
C:\ProgramData\DataFile => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\RunDir => moved successfully
C:\Windows\SysWOW64\Localadsiw.ini => moved successfully
C:\Windows\SysWOW64\LocaladsiwOff.ini => moved successfully
C:\Windows\system32\LocaladsiwOff.ini => moved successfully
C:\Windows\System32\Tasks\Gelomo => moved successfully
C:\Windows\system32\sek => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\ortmp => moved successfully
C:\Users\Shawn&Stacy\AppData\Roaming\NetService => moved successfully
C:\Users\Shawn&Stacy\AppData\Local\Tempfolder => moved successfully
C:\Windows\system32\Localadsiw64.dll => moved successfully
C:\Windows\SysWOW64\Localadsiw.dll => moved successfully
C:\Program Files\shopperz311020151629 => moved successfully
C:\Users\Shawn&Stacy\AppData\LocalLow\Company => moved successfully
C:\Users\Shawn&Stacy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => moved successfully
C:\uninst => moved successfully
C:\Windows\Tasks\DGPUOYA1.job => moved successfully
C:\Windows\System32\Tasks\DGPUOYA1 => moved successfully
C:\ProgramData\Service1291 => moved successfully
 
"C:\ProgramData\FlashBeat" folder move:
 
Could not move "C:\ProgramData\FlashBeat" => Scheduled to move on reboot.
 
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully
C:\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7 => moved successfully
C:\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7 => moved successfully
C:\Users\Shawn&Stacy\Documents\DailyPCClean => moved successfully
C:\Program Files (x86)\DailyPcClean Support => moved successfully
C:\prefs.js => moved successfully
C:\searchplugins => moved successfully
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini => moved successfully
C:\Windows\system32\LavasoftTcpServiceOff.ini => moved successfully
C:\Windows\system32\LavasoftTcpService64.dll => moved successfully
C:\Windows\SysWOW64\LavasoftTcpService.dll => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Windows\system32\Drivers\cherimoya.sys => moved successfully
C:\Windows\System32\Tasks\SweetLabs App Platform => moved successfully
C:\Users\Shawn\AppData\Local\SweetLabs App Platform => moved successfully
C:\Users\Shawn\AppData\Local\Pokki => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02318FF0-DF16-46D3-9A4C-3B1AF3E75C00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02318FF0-DF16-46D3-9A4C-3B1AF3E75C00}" => key removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{064C78EB-8723-446D-AE33-FCAC638EA4E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{064C78EB-8723-446D-AE33-FCAC638EA4E9}" => key removed successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11E3DEA9-8E3A-4D7C-9E8E-765D58B6C675}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E3DEA9-8E3A-4D7C-9E8E-765D58B6C675}" => key removed successfully
C:\Windows\System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A282C480-6087-4AB1-A04A-7C7516C6330" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D1E3881-F144-4D72-8D66-9EB30FEE3687}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D1E3881-F144-4D72-8D66-9EB30FEE3687}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUp => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10A72AE7-1A25-4DAE-BE5A-37C564FD4554}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10A72AE7-1A25-4DAE-BE5A-37C564FD4554}" => key removed successfully
C:\Windows\System32\Tasks\import => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\import" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E3DEA9-8E3A-4D7C-9E8E-765D58B6C675} => key not found. 
C:\Windows\System32\Tasks\A282C480-6087-4AB1-A04A-7C7516C6330 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A282C480-6087-4AB1-A04A-7C7516C6330 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B90FF25-DA06-41C1-BC94-412150ECAA58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B90FF25-DA06-41C1-BC94-412150ECAA58}" => key removed successfully
C:\Windows\System32\Tasks\DGPUOYA1 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DGPUOYA1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DA13C03-D570-453A-870A-0D4855211503}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA13C03-D570-453A-870A-0D4855211503}" => key removed successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F8736E1-91A2-4D76-BD42-D0B88FA53A3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8736E1-91A2-4D76-BD42-D0B88FA53A3D}" => key removed successfully
C:\Windows\System32\Tasks\win => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C6CA005-6220-4BFE-9DB6-F46B194CB55E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6CA005-6220-4BFE-9DB6-F46B194CB55E}" => key removed successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f52c8f69-3487-4ac4-bfff-b1aa07793633-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6042C362-59D5-4245-AAD6-4DDF8ACE0EFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6042C362-59D5-4245-AAD6-4DDF8ACE0EFE}" => key removed successfully
C:\Windows\System32\Tasks\Gelomo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gelomo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{703FE3C1-2E63-4DE7-8E29-E09399DA4143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{703FE3C1-2E63-4DE7-8E29-E09399DA4143}" => key removed successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D43DA1-A8B5-4CD8-B706-ACDEBF1D5E28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D43DA1-A8B5-4CD8-B706-ACDEBF1D5E28}" => key removed successfully
C:\Windows\System32\Tasks\SweetLabs App Platform => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => key removed successfully
ask: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DD1FD75-546E-4AF8-BB44-02BFD98B11ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD1FD75-546E-4AF8-BB44-02BFD98B11ED}" => key removed successfully
C:\Windows\System32\Tasks\impo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B4063394-9776-4FAA-ABDF-EE9D892572A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4063394-9776-4FAA-ABDF-EE9D892572A9}" => key removed successfully
C:\Windows\System32\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3DA6889-734A-418E-A830-A911999F1D43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3DA6889-734A-418E-A830-A911999F1D43}" => key removed successfully
C:\Windows\System32\Tasks\Googleuptodate => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Googleuptodate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8543B43-2872-45EC-BD11-D1602E420070}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8543B43-2872-45EC-BD11-D1602E420070}" => key removed successfully
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313335333032383432342d324a574123346c2a556c2a5a" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E49C164B-1294-43C0-9318-B08E06A7965F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E49C164B-1294-43C0-9318-B08E06A7965F}" => key removed successfully
C:\Windows\System32\Tasks\F6E70F42-AA4B-47A7-9CC8-E592976436A7 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\F6E70F42-AA4B-47A7-9CC8-E592976436A7" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40101A4-305F-40EF-ABF1-51EC9F3DB20C} => key not found. 
C:\Windows\System32\Tasks\Inst_Rep => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep" => key removed successfully
C:\Windows\Tasks\DGPUOYA1.job => not found.
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-6.job => not found.
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-1-7.job => not found.
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-10_user.job => not found.
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5.job => not found.
C:\Windows\Tasks\f52c8f69-3487-4ac4-bfff-b1aa07793633-5_user.job => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCA551B1-CC04-4C17-8B3C-87CE5ED4A5A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCA551B1-CC04-4C17-8B3C-87CE5ED4A5A0}" => key removed successfully
C:\Windows\System32\Tasks\SecurityApps2 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2" => key removed successfully
"D:\Setup.exe" => not found.
"C:\Program Files (x86)\PC FIX LABS LLC" => not found.
"C:\Program Files\SpaceSoundPro" => not found.
 
=========  sfc /scanfile=c:\windows\system32\dnsapi.dll =========

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

The system file repair changes will take effect after the next reboot.

========= End of CMD: =========
 
 
=========  sfc /scanfile=c:\windows\syswow64\dnsapi.dll =========

There is a system repair pending which requires reboot to complete.  Restart
Windows and run sfc again.

========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 9.6 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-11 15:51:44)
 
C:\Users\Public\Documents\windows.exe => Is moved successfully
C:\ProgramData\FlashBeat => Is moved successfully
C:\ProgramData\DP45977C.lfl => Is moved successfully
 
==== End of Fixlog 15:51:44 ====

I have attached a file showing the screen shot of the .NET Framework exception. I'm not sure how to just copy the screen shot into the post. One of the things I noticed that I don't like is that there is an icon in the task bar that looks like a shield with the Microsoft colors on it. If you hover over it, it shows Microsoft  Defenders. I'm assuming that it is something that isn't kosher, but I didn't want to dig around too much.

 

 

    


  • 0
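Reading a Fixlog like the one in the post above for entries that still need follow-up, as an added example that is not part of the original thread and not FRST's own code. The category names and the helpers `parse_line` and `triage_fixlog` are assumptions of this example, built only from the result phrases visible in this log; the `C:\ProgramData\Example` line is constructed.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the Fixlog above; the category
# names on the left are labels chosen for this example, not FRST terms.
OUTCOMES = [
    ("unfixed", re.compile(r"No automatic fix found")),
    ("deferred", re.compile(r"Scheduled to move on reboot")),
    ("stop_failed", re.compile(r"Unable to stop service")),
    ("absent", re.compile(r"not found\.?$|No running process found$")),
    ("done", re.compile(r"(moved|removed|restored|closed) successfully")),
]
OPEN = ("unfixed", "deferred", "stop_failed")


def parse_line(line):
    """Split '<target> => <result>' on the LAST arrow.

    Returns (target, category), or None for banners, blank lines and
    command output that carry no recognised result phrase.
    """
    target, arrow, result = line.strip().rpartition(" => ")
    if not arrow:
        return None
    result = result.strip()
    for category, pattern in OUTCOMES:
        if pattern.search(result):
            break
    else:
        return None
    target = re.sub(r"^\[\d+\]\s*", "", target)         # drop "[pid] " prefix
    target = re.sub(r"^Could not move\s+", "", target)  # keep only the path
    return target.strip().strip('"'), category


def triage_fixlog(text):
    """Return (counts per category, [(target, category)] still open)."""
    counts = Counter()
    last = {}  # case-folded target -> (display name, latest category)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        target, category = parsed
        counts[category] += 1
        key = target.casefold()  # Windows paths are case-insensitive
        # A later result for the same target supersedes an earlier
        # deferred / stop_failed one (for example the post-reboot section),
        # but an entry FRST could not interpret stays open.
        if key not in last or last[key][1] != "unfixed":
            last[key] = (target, category)
    open_items = [(t, c) for t, c in last.values() if c in OPEN]
    return counts, open_items


# Abridged lines from the Fixlog above, plus one constructed line
# (C:\ProgramData\Example) showing a deferred move that is never confirmed.
SAMPLE = r'''
[5348] C:\ProgramData\FlashBeat\FlashBeat.exe => process closed successfully.
C:\Program Files (x86)\gmsd_us_005010133\gmsd_us_005010133.exe => No running process found
cherimoya => Unable to stop service.
cherimoya => service removed successfully
"C:\Windows\unins000.exe" => not found.
Could not move "C:\Users\Public\Documents\windows.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Example" => Scheduled to move on reboot.
ask: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => 9.6 GB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-11 15:51:44)
C:\Users\Public\Documents\windows.exe => Is moved successfully
'''

if __name__ == "__main__":
    counts, open_items = triage_fixlog(SAMPLE)
    print(dict(counts))
    for target, category in open_items:
        print(f"{category:12} {target}")
```

The entry reported as unfixed here is the fixlist line that begins `ask:` instead of `Task:`, which is why it reappears in the next fixlist.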

#12
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi RobkBriggs

Sorry I don't see the file attached.

You can post a screenshot though by using the snipping tool. See this guide on how to use this. Once it has been saved you can add it to your response using the Choose Files button.
Select the file saved and then click cursor into the post where you want to insert the image and then click Add to Post.

Try this for your screenshot message and post in your next reply. :)

It's late here in the UK so I am signing off now but will be back tomorrow with the next steps for you.
  • 0

#13
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi RobkBriggs

Here are the next steps for you.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Task: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION
C:\Users\Shawn&Stacy\AppData\Local\Installer
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step2 - Junkware Removal Tool


Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step3 - AdwCleaner Scan

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the AdwCleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on options - untick Reset proxy settings and Reset winsock settings.
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


Step4 - Malwarebytes Scan


Please download Malwarebytes' Anti-Malware from Here or Here
  • Double click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean)
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Step5 - Fresh FRST scan
  • Please run Farbar Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


Things for your next post:
  • fixlog.txt
  • JRT.txt
  • adwCleaner[C*].txt
  • MBAM log
  • FRST.txt and Addition.txt
  • What issues are remaining with the computer?

  • 0

#14
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

Hello,

Sorry, it showed the screen shot was attached. Let's see if it works this time.

 

Capture.PNG

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Shawn&Stacy (2015-11-15 12:49:42) Run:2
Running from C:\Users\Shawn&Stacy\Desktop
Loaded Profiles: Shawn&Stacy (Available Profiles: Shawn&Stacy & Shawn & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION
C:\Users\Shawn&Stacy\AppData\Local\Installer
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8884467B-CFCC-4E17-964F-6DB84BDB63FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8884467B-CFCC-4E17-964F-6DB84BDB63FD}" => key removed successfully
C:\Windows\System32\Tasks\Installer_smknnodesk => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_smknnodesk" => key removed successfully
C:\Users\Shawn&Stacy\AppData\Local\Installer => moved successfully
EmptyTemp: => 1053 KB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 12:50:47 ====

 

I copied the JRT.exe to the desktop of the user's machine and ran it. It opened the black window and ran through to the point where it showed Checking Registry, then the black window just went away and there was nothing. It did not seem to finish, or leave the JRT.txt on the desktop. It only took about two minutes to get to the point where the black window went away. I thought maybe it just needed a little time, so I waited for about 45 minutes after the window went away, and there was still nothing. I'm not sure if it finished, or if there is something impeding it. She is using McAfee LiveSafe, but I disabled it as directed by your previous post.

 

Should I go ahead and continue on with the instructions and come back to the JRT later? Or, should I reboot and try it again?

 

 

 

 


  • 0
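An added example, not part of the original posts and not FRST's own code: a short Python triage of the `Task:` entry and result lines from the fixlog above, showing why the entry stands out and how to cross-check that the task file itself was absent. The regular expressions assume the line layout seen in this thread; `triage`, the directory list and the `C:\Windows` prefix are assumptions made for the example.

```python
import re

# Sample input: the Task entry and three result lines copied from the fixlog above.
FIXLOG = r'''
Task: {8884467B-CFCC-4E17-964F-6DB84BDB63FD} - System32\Tasks\Installer_smknnodesk => C:\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe [2015-11-01] () <==== ATTENTION
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8884467B-CFCC-4E17-964F-6DB84BDB63FD}" => key removed successfully
C:\Windows\System32\Tasks\Installer_smknnodesk => not found.
C:\Users\Shawn&Stacy\AppData\Local\Installer => moved successfully
'''

# Line layouts as they appear in this thread (assumed, not an official FRST grammar).
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<vendor>[^)\n]*)\))?"
    r"(?: <==== ATTENTION)?$", re.M)
RESULT_RE = re.compile(
    r'^"?(?P<item>[^"\n]+?)"? => '
    r"(?P<status>key removed successfully|moved successfully|not found)\.?$", re.M)

# Assumed heuristic: directories a standard user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

def triage(log):
    """Return one finding per Task entry, with the reasons it deserves review."""
    results = {m["item"].lower(): m["status"] for m in RESULT_RE.finditer(log)}
    findings = []
    for m in TASK_RE.finditer(log):
        reasons = []
        if any(part in m["target"].lower() for part in USER_WRITABLE):
            reasons.append("target runs from a user-writable directory")
        # The parenthesised field is assumed to be the file's company name.
        if m["vendor"] == "":
            reasons.append("empty vendor field in the log")
        # Assumes Windows is installed in C:\Windows.
        task_file = "c:\\windows\\" + m["task"].lower()
        if results.get(task_file) == "not found":
            reasons.append("task file not found on disk")
        findings.append({"guid": m["guid"], "task": m["task"],
                         "target": m["target"], "date": m["date"],
                         "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(FIXLOG):
        print(finding)
```
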

#15
robkbriggs

robkbriggs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts

I went ahead and rebooted the PC and tried to run JRT.exe again. It looks as if the program is not completing. Right as the black window closes, it says something with the word unexpected in it, but it flashed too fast, I couldn't catch it.

 

Here is a screen shot from right before the black window went away.

 

Capture2.PNG


  • 0





