
Helping A Friend With Possible Malware Infection [Solved]



#16
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Ok. Proceed with other steps. :)


#17
robkbriggs

    Member

  • Topic Starter
  • 122 posts

Here is the AdwCleaner log:

 

# AdwCleaner v5.021 - Logfile created 15/11/2015 at 14:24:07
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.1 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Shawn&Stacy - HOMECOMPUTER
# Running from : C:\Users\Shawn&Stacy\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Guest\AppData\Local\pokki

***** [ Files ] *****

[-] File Deleted : C:\Users\Shawn&Stacy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0B9675FD-945F-4080-BF25-962404552011}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0663388-9CED-490A-A6B7-8CD2100A805C}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81760934-915A-499A-8169-A140374DBED6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0B9675FD-945F-4080-BF25-962404552011}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0663388-9CED-490A-A6B7-8CD2100A805C}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\BrowserAir
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKCU\Software\{84C174EB-D95A-473D-aB5E-E5878B73B3A3}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DailyWiki
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\navegaki
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : HKLM\SOFTWARE\Crashhd
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyWiki
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\navegaki
[-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : [x64] HKLM\SOFTWARE\SAKURA
[-] Key Deleted : HKU\.DEFAULT\Software\{84C174EB-D95A-473D-aB5E-E5878B73B3A3}
[-] Key Deleted : HKU\S-1-5-19\Software\{84C174EB-D95A-473D-aB5E-E5878B73B3A3}
[-] Key Deleted : HKU\S-1-5-20\Software\{84C174EB-D95A-473D-aB5E-E5878B73B3A3}
[-] Key Deleted : HKU\S-1-5-21-1384006192-1193351791-2402037821-1001_Classes\Software\{84C174EB-D95A-473D-aB5E-E5878B73B3A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6563 bytes] ##########

 

 

Malwarebytes showed some not harmful things that were quarantined, but nothing serious. Here is the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/15/2015
Scan Time: 2:28 PM
Logfile: MB.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.15.04
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Shawn&Stacy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404247
Time Elapsed: 33 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Shawn&Stacy (administrator) on HOMECOMPUTER (15-11-2015 15:32:05)
Running from C:\Users\Shawn&Stacy\Desktop
Loaded Profiles: Shawn&Stacy & Shawn (Available Profiles: Shawn&Stacy & Shawn & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
() C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Acer) C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [OSDAPP] => C:\Windows\SysWOW64\OSDSrv\OSDApp.exe [2054656 2013-05-16] (Acer)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [385024 2008-01-31] (Apple Inc.)
HKLM-x32\...\Run: [popup] => C:\windows\SysWOW64\MyTrayApp.exe [14336 2015-09-09] (Microsoft)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\Run: [Wixkv] => C:\ProgramData\DataFile\DV.exe
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\RunOnce: [Application Restart #2] => C:\Users\Shawn\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 571 more characters).
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-09-22]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2015-07-25]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.6.1.101 10.6.1.102
Tcpip\..\Interfaces\{2CD635BC-E781-4274-B67C-F70D05666F27}: [DhcpNameServer] 10.6.1.101 10.6.1.102

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {AA6B1CEC-2D28-46D3-88F5-DA9E49ADFF11} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140703&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1004 -> DefaultScope {27E25D5D-5A60-4427-BD61-AE63CFEB8E3A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140703&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1004 -> {27E25D5D-5A60-4427-BD61-AE63CFEB8E3A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140703&p={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-09-22] (McAfee)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-09-22] (McAfee)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-09-22] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-09-22] (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-28] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-28] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-01-03] ()
FF Plugin HKU\S-1-5-21-1384006192-1193351791-2402037821-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shawn&Stacy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-03] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-14] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-15]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-09] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 OSDSrv; C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe [220672 2013-05-08] () [File not signed]
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 PQAWRwa; C:\Windows\SysWOW64\OSDSrv\PQAWDrv.sys [10464 2011-09-08] () [File not signed]
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 15:32 - 2015-11-15 15:33 - 00017456 _____ C:\Users\Shawn&Stacy\Desktop\FRST.txt
2015-11-15 15:31 - 2015-11-15 15:31 - 00000000 ____D C:\Users\Shawn&Stacy\Desktop\FRST-OlderVersion
2015-11-15 15:23 - 2015-11-15 15:23 - 00001044 _____ C:\Users\Shawn&Stacy\Desktop\MB.txt
2015-11-15 14:27 - 2015-11-15 15:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 14:27 - 2015-11-15 14:27 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-15 14:27 - 2015-11-15 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-15 14:27 - 2015-11-15 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-15 14:27 - 2015-11-15 14:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-15 14:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-15 14:27 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-15 14:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-15 14:20 - 2015-11-15 14:24 - 00000000 ____D C:\AdwCleaner
2015-11-15 13:36 - 2015-11-15 13:36 - 00011776 ___SH C:\Users\Shawn&Stacy\Desktop\Thumbs.db
2015-11-15 12:48 - 2015-11-15 11:11 - 01801288 _____ (Malwarebytes) C:\Users\Shawn&Stacy\Desktop\JRT.exe
2015-11-15 12:48 - 2015-11-15 11:11 - 01732096 _____ C:\Users\Shawn&Stacy\Desktop\AdwCleaner.exe
2015-11-11 15:52 - 2015-11-11 15:52 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-11-11 14:17 - 2015-11-15 15:31 - 02198528 _____ (Farbar) C:\Users\Shawn&Stacy\Desktop\FRST64.exe
2015-11-04 17:00 - 2015-11-15 15:32 - 00000000 ____D C:\FRST
2015-11-03 14:29 - 2015-11-03 14:29 - 00006958 _____ C:\Users\SHAWNmgn_service-remove_00.log
2015-11-03 14:29 - 2015-11-03 14:29 - 00001627 _____ C:\Users\Shawn\g2ax_uninstaller_customer.log
2015-11-03 14:29 - 2015-11-03 14:29 - 00001185 _____ C:\Users\SHAWNmgn_service-force_shutdown_00.log
2015-11-03 14:16 - 2015-11-03 14:29 - 00304606 _____ C:\Users\SHAWNGoToAssist Remote Support Customer_00.LOG
2015-11-03 14:16 - 2015-11-03 14:29 - 00004604 _____ C:\Users\SHAWNmgn_service-service_00.log
2015-11-03 14:16 - 2015-11-03 14:16 - 00007348 _____ C:\Users\SHAWNmgn_service-install_manual_00.log
2015-11-03 14:16 - 2015-11-03 14:16 - 00001438 _____ C:\Users\SHAWNmgn_service-start_session_00.log
2015-11-03 14:15 - 2015-11-03 14:29 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-11-03 14:15 - 2015-11-03 14:15 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Citrix
2015-11-01 19:35 - 2015-11-03 14:00 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-11-01 19:30 - 2015-11-01 19:31 - 00000000 ___HD C:\$Windows.~BT
2015-11-01 18:55 - 2015-11-01 18:55 - 00000485 _____ C:\Users\Shawn&Stacy\Desktop\Administrative Tools - Shortcut.lnk
2015-11-01 18:28 - 2015-11-01 18:28 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Google
2015-10-31 07:46 - 2013-08-22 06:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-31 07:39 - 2015-10-31 07:39 - 00000000 ____D C:\Users\Shawn\AppData\Local\KodakGallery
2015-10-28 16:43 - 2015-11-15 15:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-28 16:43 - 2015-10-28 17:11 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-28 16:40 - 2015-10-28 16:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-10-26 03:29 - 2015-10-26 03:29 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-10-22 18:24 - 2015-10-22 18:24 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-10-22 18:24 - 2015-10-22 18:24 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-10-22 18:19 - 2015-10-22 18:19 - 00001969 _____ C:\Users\Public\Desktop\abDocs.lnk
2015-10-16 03:24 - 2015-09-18 20:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 03:24 - 2015-09-18 06:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 03:24 - 2015-09-18 06:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 15:30 - 2014-02-21 04:32 - 01863691 _____ C:\Windows\WindowsUpdate.log
2015-11-15 15:29 - 2014-07-03 17:40 - 00000000 ___DO C:\Users\Shawn&Stacy\SkyDrive
2015-11-15 15:29 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-15 15:26 - 2013-08-22 07:46 - 00030007 _____ C:\Windows\setupact.log
2015-11-15 15:26 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 15:25 - 2013-09-17 22:48 - 00064952 _____ C:\Windows\PFRO.log
2015-11-15 15:25 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\FileManager
2015-11-15 15:24 - 2014-07-03 16:56 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A89C9A3A-19B4-4FA1-937E-D2CB8095155A}
2015-11-15 15:13 - 2014-02-21 04:48 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-15 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-15 14:33 - 2014-07-03 16:55 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384006192-1193351791-2402037821-1001
2015-11-15 14:27 - 2014-07-03 16:52 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\clear.fi
2015-11-15 13:38 - 2013-09-17 22:55 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 13:25 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-11 14:43 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-10 03:38 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-03 14:29 - 2014-07-05 14:02 - 00000000 ____D C:\Users\Shawn
2015-11-01 20:20 - 2014-07-03 16:49 - 00000000 ____D C:\Users\Shawn&Stacy
2015-11-01 19:36 - 2013-09-17 23:47 - 00000000 ____D C:\Windows\Panther
2015-11-01 18:28 - 2013-08-22 07:44 - 00363320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-01 18:19 - 2014-07-05 15:03 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{644AD842-6A1E-41E8-A61F-A97471BA9E31}
2015-11-01 18:14 - 2014-07-05 14:29 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384006192-1193351791-2402037821-1004
2015-11-01 18:04 - 2014-07-05 14:25 - 00000000 ____D C:\Users\Shawn\Documents\Bluetooth Folder
2015-11-01 18:03 - 2014-08-09 18:32 - 00000000 ___DO C:\Users\Shawn\OneDrive
2015-11-01 14:48 - 2014-11-24 18:18 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Skype
2015-11-01 13:54 - 2014-07-03 16:51 - 00000000 ____D C:\Users\Shawn&Stacy\Documents\Bluetooth Folder
2015-10-31 07:33 - 2014-07-03 16:50 - 00000000 ____D C:\ProgramData\OEM
2015-10-31 07:26 - 2014-07-05 14:25 - 00000000 ____D C:\Users\Shawn\AppData\Local\clear.fi
2015-10-26 03:29 - 2013-09-17 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-10-26 03:28 - 2015-07-22 04:20 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-10-26 03:28 - 2013-09-17 23:42 - 00000000 ___HD C:\OEM
2015-10-22 19:51 - 2014-12-11 18:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-22 19:51 - 2014-07-13 13:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-22 18:24 - 2013-09-17 23:02 - 00000000 ____D C:\Program Files (x86)\Acer

==================== Files in the root of some directories =======

2014-09-22 19:15 - 2014-09-22 19:15 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-11 15:52 - 2015-11-11 15:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-03 17:03 - 2014-07-03 17:03 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Shawn&Stacy\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-15 13:09

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Shawn&Stacy (2015-11-15 15:33:58)
Running from C:\Users\Shawn&Stacy\Desktop
Windows 8.1 (X64) (2014-07-03 23:49:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1384006192-1193351791-2402037821-500 - Administrator - Disabled)
Guest (S-1-5-21-1384006192-1193351791-2402037821-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1384006192-1193351791-2402037821-1003 - Limited - Enabled)
Shawn (S-1-5-21-1384006192-1193351791-2402037821-1004 - Limited - Enabled) => C:\Users\Shawn
Shawn&Stacy (S-1-5-21-1384006192-1193351791-2402037821-1001 - Administrator - Enabled) => C:\Users\Shawn&Stacy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer PanelOnOff (HKLM-x32\...\{55F2D48B-6022-4722-9B55-47CC4FA7DBD6}) (Version: 1.0.3.822 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3004 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3013 - Acer Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{D32B2CEB-7220-9558-DF92-787B0E715684}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOL (HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.4 - Pokki)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated)
CCScore (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESSBrwr (x32 Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 7.00.0000.0008 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FlextimePlayer1.0.3 (HKLM-x32\...\{AEAC4397-9CE9-4DCE-850C-8E0AF7728DDF}) (Version: 1.0.3 - south-star)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\SweetLabs_AP) (Version: 0.269.7.800 - Pokki)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.200 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
netbrdg (x32 Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OfotoXMI (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\SweetLabs_Start_Menu) (Version: 0.269.7.800 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{BFD96B89-B769-4CD6-B11E-E79FFD46F067}) (Version: 7.4.1.14 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SFR (x32 Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
staticcr (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
tooltips (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WIRELESS (x32 Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

31-10-2015 01:27:43 Scheduled Checkpoint
01-11-2015 14:57:47 Removed OnePCOptimizer.
01-11-2015 18:42:35 Restore Operation
11-11-2015 15:39:50 Restore Point Created by FRST
15-11-2015 12:49:50 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-11-11 15:41 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17511F17-937C-43E8-8E5D-B2AF1C8179C8} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {2B0CBDC2-0F0A-423B-891E-BED0825EF3CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {3A374187-C67C-4EF7-BAC2-1AA82CEDAA48} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {4B9D7097-EB42-4502-AE86-9798B9475DDE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {4FC81656-989E-49A3-B41E-E553D23F29DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {51443AFA-5D49-4C0F-A2CB-75042A7EDE56} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt [email protected]
Task: {6C05B76E-812C-47A3-9DBB-546574A95880} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-08-12] (Acer Incorporated)
Task: {6CE13A9A-CF04-49E2-AE19-67D7039423E2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {74F4637D-B0CD-4FD7-87B2-E8C3268EC013} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: {78710094-4D08-4701-93AD-98CFE5EE564D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {7D1E590C-B816-4C65-BBEA-580C1CBB9E29} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {82CA3464-8725-4207-8B6D-1D9B3FBF3C46} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-08-26] (Acer Incorporated)
Task: {9307E414-2143-40D7-A6C5-861529E57DC6} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated)
Task: {AD2E9353-B0FB-46BA-9D70-457BC78B7956} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {BCD4D772-64BF-4C04-AC41-D5F033F40B89} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {BF11D8DA-B994-4F42-91F4-08DF5A707577} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {D5F43C43-FC2F-4990-9EDD-A654824AD4B2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer)
Task: {D8A618D9-A8F4-4B69-A788-A2A6DAB40297} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {F0ED6775-7AE8-454E-A6CF-9D92D7A054D5} - \Inst_Rep -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt

==================== Loaded Modules (Whitelisted) ==============

2014-02-21 04:46 - 2013-05-08 10:21 - 00220672 _____ () C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
2013-01-29 13:28 - 2013-01-29 13:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 13:28 - 2013-01-29 13:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2013-01-29 13:28 - 2013-01-29 13:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2015-07-11 14:19 - 2015-07-11 14:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-25 04:04 - 2013-09-25 04:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 04:08 - 2013-09-25 04:08 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-09-16 13:58 - 2015-09-16 13:58 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2008-05-10 06:33 - 2015-07-25 13:18 - 00403968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2008-05-10 06:31 - 2015-07-25 13:18 - 00258560 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2008-05-10 06:28 - 2015-07-25 13:18 - 00354816 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2008-05-10 06:27 - 2015-07-25 13:19 - 00233472 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2008-05-10 06:46 - 2015-07-25 13:18 - 00232448 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2008-05-10 06:22 - 2015-07-25 13:18 - 00086016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2008-05-10 06:47 - 2015-07-25 13:18 - 00077312 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2008-05-10 06:16 - 2015-07-25 13:18 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 09:05 - 2015-07-25 13:18 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2008-05-10 06:45 - 2015-07-25 13:18 - 00757760 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2008-05-10 07:02 - 2015-07-25 13:18 - 00675840 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2008-05-10 06:35 - 2015-07-25 13:18 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2008-05-10 06:20 - 2015-07-25 13:18 - 00128512 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2008-05-10 06:53 - 2015-07-25 13:18 - 01229312 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2008-04-14 14:30 - 2015-07-25 13:19 - 00786432 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2008-04-21 14:19 - 2015-07-25 13:19 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2008-04-21 14:20 - 2015-07-25 13:19 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2008-04-11 14:59 - 2015-07-25 13:19 - 00872448 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2008-04-21 14:19 - 2015-07-25 13:19 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2008-04-21 14:19 - 2015-07-25 13:19 - 00798720 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2008-04-21 14:20 - 2015-07-25 13:19 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2008-04-11 14:59 - 2015-07-25 13:19 - 00159744 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2008-05-10 06:24 - 2015-07-25 13:18 - 00117760 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2008-05-10 07:02 - 2015-07-25 13:18 - 00171008 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2008-05-10 06:45 - 2015-07-25 13:18 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2008-05-10 06:43 - 2015-07-25 13:19 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2008-05-10 06:20 - 2015-07-25 13:18 - 00083968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2008-05-10 03:06 - 2015-07-25 13:18 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2008-05-10 07:11 - 2015-07-25 13:18 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2008-05-10 07:00 - 2015-07-25 13:18 - 00096256 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2008-05-10 07:02 - 2015-07-25 13:18 - 00311296 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2008-05-10 06:57 - 2015-07-25 13:19 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2008-05-10 07:09 - 2015-07-25 13:18 - 00466944 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2008-05-10 06:23 - 2015-07-25 13:18 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2015-09-16 13:58 - 2015-09-16 13:58 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-10-26 03:28 - 2015-10-26 03:28 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-09-10 13:51 - 2015-09-10 13:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-09-10 13:43 - 2015-09-10 13:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 10.6.1.101 - 10.6.1.102
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2015 12:49:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1fb92a74-a1f5-4c6c-a940-bd51cac4d47b}

Error: (11/11/2015 03:39:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5bd8ae48-09e7-4dea-978b-278631c99c07}

Error: (11/11/2015 03:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x55e96721
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x188c
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/11/2015 03:12:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
Stack:

Server stack trace:
   at System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod(Boolean bThrowIfNotResolved)
   at System.Runtime.Remoting.Messaging.MethodCall..ctor(Object handlerObject, BinaryMethodCallMessage smuggledMsg)
   at System.Runtime.Serialization.Formatters.Binary.BinaryMethodCall.ReadArray(Object[] callA, Object handlerObject)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at demoforupdaterwindow.App.Main()

Error: (11/11/2015 03:10:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xfc0
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (11/11/2015 03:01:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x55e96721
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x4cc
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/11/2015 03:00:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
Stack:

Server stack trace:
   at System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod(Boolean bThrowIfNotResolved)
   at System.Runtime.Remoting.Messaging.MethodCall..ctor(Object handlerObject, BinaryMethodCallMessage smuggledMsg)
   at System.Runtime.Serialization.Formatters.Binary.BinaryMethodCall.ReadArray(Object[] callA, Object handlerObject)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at demoforupdaterwindow.App.Main()

Error: (11/11/2015 03:00:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xc5c
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (11/11/2015 02:44:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xafc
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (11/11/2015 02:43:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x55e96721
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x1950
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

System errors:
=============
Error: (11/15/2015 03:32:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (11/15/2015 03:24:35 PM) (Source: DCOM) (EventID: 10010) (User: HOMECOMPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/15/2015 03:24:35 PM) (Source: DCOM) (EventID: 10010) (User: HOMECOMPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/15/2015 03:24:35 PM) (Source: DCOM) (EventID: 10010) (User: HOMECOMPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/15/2015 03:24:35 PM) (Source: DCOM) (EventID: 10010) (User: HOMECOMPUTER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/15/2015 02:24:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/15/2015 02:24:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/15/2015 02:24:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/15/2015 02:24:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/15/2015 01:31:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2015-11-01 13:18:28.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:18:28.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:14:06.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:14:05.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:09:43.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:09:42.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:07:16.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:07:15.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:05:33.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:05:32.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3516.92 MB
Available physical RAM: 2064.19 MB
Total Virtual: 4668.92 MB
Available Virtual: 2803.12 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.63 GB) (Free:407.94 GB) NTFS
Drive e: (Voyager) (Removable) (Total:15.12 GB) (Free:15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A96AE5F6)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

The PC seems to be running fine, but I'm still getting the .NET Framework message upon login. I'm also concerned that at various points I still see the Microsoft Defenders icon on the taskbar.

 


  • 0

#18
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Robkbriggs

Logs are looking not bad now. :) Just a few more bits to clean and check.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [popup] => C:\windows\SysWOW64\MyTrayApp.exe [14336 2015-09-09] (Microsoft)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\Run: [Wixkv] => C:\ProgramData\DataFile\DV.exe
C:\ProgramData\DataFile
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\RunOnce: [Application Restart #2] => C:\Users\Shawn\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 571 more characters).
C:\Users\Shawn\AppData\Local\Pokki
Task: {F0ED6775-7AE8-454E-A6CF-9D92D7A054D5} - \Inst_Rep -> No File <==== ATTENTION
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\SpaceSoundPro" /f
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Step2 - ESET scan

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

"I'm also concerned that at various points I still see the Microsoft Defenders icon on the taskbar."

This is Microsoft security center flagging that you have no Anti Virus currently enabled. This is from your latest FRST logs

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

Please enable your McAfee AV and firewall and this notification should disappear.

Then

Step3 - Security Check

  • Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things for your next post:

  • fixlog.txt
  • ESET log.txt
  • checkup.txt
  • What issues, if any, are you still having with the computer?

  • 0

#19
robkbriggs

    Member

  • Topic Starter
  • 122 posts

Hello,

Here are the results of the fixlog.txt;

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Shawn&Stacy (2015-11-17 06:29:33) Run:3
Running from C:\Users\Shawn&Stacy\Desktop
Loaded Profiles: Shawn&Stacy (Available Profiles: Shawn&Stacy & Shawn & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [popup] => C:\windows\SysWOW64\MyTrayApp.exe [14336 2015-09-09] (Microsoft)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\Run: [Wixkv] => C:\ProgramData\DataFile\DV.exe
C:\ProgramData\DataFile
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\...\RunOnce: [Application Restart #2] => C:\Users\Shawn\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 571 more characters).
C:\Users\Shawn\AppData\Local\Pokki
Task: {F0ED6775-7AE8-454E-A6CF-9D92D7A054D5} - \Inst_Rep -> No File <==== ATTENTION
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\SpaceSoundPro" /f
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\popup => value removed successfully
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Wixkv => value not found.
"C:\ProgramData\DataFile" => not found.
HKU\S-1-5-21-1384006192-1193351791-2402037821-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => value not found.
"C:\Users\Shawn\AppData\Local\Pokki" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0ED6775-7AE8-454E-A6CF-9D92D7A054D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0ED6775-7AE8-454E-A6CF-9D92D7A054D5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\SpaceSoundPro" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 78.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 06:30:32 ====

 

 

Here are the results of the ESET log.txt;

 

C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbia.exe a variant of Win64/SBWatchman.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiw.sys a variant of Win64/SBWatchman.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\shopperz311020151629\Pakpen.dll a variant of Win32/Toolbar.Perion.Z potentially unwanted application
C:\FRST\Quarantine\C\Program Files\shopperz311020151629\Pakpen64.dll a variant of Win64/Toolbar.Perion.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinePlus-1.44V01.11\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinePlus-1.44V31.10\Uninstall.exe a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinePlus-1.44V31.10\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\DailyPcClean Support\DailyPCClean.exe multiple threats
C:\FRST\Quarantine\C\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\hnsl1934.tmp a variant of Win32/Adware.ConvertAd.ABZ application
C:\FRST\Quarantine\C\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\jnsr174.tmp a variant of Win32/Adware.ConvertAd.ABN application
C:\FRST\Quarantine\C\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\knsqBC8F.tmp a variant of Win32/Adware.ConvertAd.YU application
C:\FRST\Quarantine\C\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\rnsvFCAE.exe a variant of Win32/Adware.ConvertAd.ABW application
C:\FRST\Quarantine\C\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\Uninstall.exe Win32/Adware.ConvertAd.YY application
C:\FRST\Quarantine\C\Program Files (x86)\DCE8D5F2-1446302749-11E3-BA14-F80F41B551A7\vnsh8FA2.tmp multiple threats
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json JS/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll a variant of Win64/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe a variant of Win32/SpeedBit.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js JS/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe a variant of Win32/ShopperPro.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.sys a variant of Win64/ShopperPro.C potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application
C:\FRST\Quarantine\C\ProgramData\FlashBeat\FlashBeat32.dll Win32/Adware.CouponMarvel.S application
C:\FRST\Quarantine\C\ProgramData\FlashBeat\FlashBeat64.dll a variant of Win64/Adware.CouponMarvel.K application
C:\FRST\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll a variant of Win32/Adware.CouponMarvel.Q application
C:\FRST\Quarantine\C\ProgramData\FlashBeat\uninstall.exe a variant of Win32/Adware.CouponMarvel.Q.gen application
C:\FRST\Quarantine\C\ProgramData\Ruwsiawi\1.0.6.1\ufaeuvba.exe a variant of MSIL/Adware.PullUpdate.P application
C:\FRST\Quarantine\C\ProgramData\Service1291\Service1291.exe a variant of Win32/Adware.CouponMarvel.R.gen application
C:\FRST\Quarantine\C\Users\Public\Documents\windows.exe.xBAD Python/FakeAlert.A trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\A282C480-6087-4AB1-A04A-7C7516C6330\A282C480-6087-4AB1-A04A-7C7516C6330.exe a variant of Win32/Toolbar.CrossRider.CW potentially unwanted application
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7\7CC9.tmp a variant of Win32/Adware.ConvertAd.ACA.gen application
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7\onss80FA.tmp a variant of Win32/Adware.ConvertAd.PZ application
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7\rnsc80E9.exe a variant of Win32/Adware.ConvertAd.ABW application
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\DCE8D5F2-1446281210-11E3-BA14-F80F41B551A7\snsm80D8.tmp a variant of Win32/Adware.ConvertAd.ABT application
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\F6E70F42-AA4B-47A7-9CC8-E592976436A7\F6E70F42-AA4B-47A7-9CC8-E592976436A7.exe a variant of Win32/Toolbar.CrossRider.CW potentially unwanted application
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Installsmknnodesk_27399\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_11789\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_12121\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_1237\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_12908\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_13051\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_14426\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_15072\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_16695\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_17385\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_17617\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_18051\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_18582\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_20797\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_21365\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_23488\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_25606\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_25894\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_2642\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_2775\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_27888\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_2975\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_29860\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_30133\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_3084\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_32612\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_32635\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_3328\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_4060\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_4624\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_4799\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_503\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_5146\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_6621\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_7009\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_751\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_795\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_8430\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Users\Shawn&Stacy\AppData\Local\Installer\Install_9924\brakietut_tutbl_setup.exe a variant of Generik.LQACGSK trojan
C:\FRST\Quarantine\C\Windows\System32\Localadsiw64.dll.xBAD a variant of Win64/Riskware.Komodia.D application
C:\FRST\Quarantine\C\Windows\System32\Drivers\cherimoya.sys.xBAD a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Windows\SysWOW64\Localadsiw.dll.xBAD a variant of Win32/RiskWare.Komodia.I application

Security Check seemed to have an issue running. I ran it according to the instructions, but it did not produce a check.txt. It only sits there with an open text window.

Other than that, it seems to be okay.

#20
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi RobkBriggs

Everything is looking good :thumbsup:

Has the .net popup gone?

Just a last few bits to check.


Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpaceSoundPro" /f
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it and selecting Run as Administrator, then press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step2 - Security Check

Please try to run Security Check again. Right-click on the file and select Run as administrator to run it.
Please post the checkup.txt results.


Step3 - Fresh FRST logs

  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press the Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run from.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


Things for your next post:

  • fixlog.txt
  • checkup.txt
  • FRST and addition logs
  • What problems remain?

#21
robkbriggs

    Member

  • Topic Starter
  • 122 posts

Hello,

Here is the fixlog.txt;

Fix result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Shawn&Stacy (2015-11-21 10:13:26) Run:4
Running from C:\Users\Shawn&Stacy\Desktop
Loaded Profiles: Shawn&Stacy (Available Profiles: Shawn&Stacy & Shawn & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpaceSoundPro" /f
EmptyTemp:

*****************

Restore point was successfully created.

========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpaceSoundPro" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

EmptyTemp: => 37 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:14:31 ====

I ran Security Check again and it behaved exactly the same. I am making sure to run it as administrator. I even downloaded it again.

Here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Shawn&Stacy (administrator) on HOMECOMPUTER (22-11-2015 12:57:22)
Running from C:\Users\Shawn&Stacy\Desktop
Loaded Profiles: Shawn&Stacy (Available Profiles: Shawn&Stacy & Shawn & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA60BC.tmp
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Acer) C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
() C:\Users\Shawn&Stacy\Desktop\SecurityCheck.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1180.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [OSDAPP] => C:\Windows\SysWOW64\OSDSrv\OSDApp.exe [2054656 2013-05-16] (Acer)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [385024 2008-01-31] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-09-22]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2015-11-15]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.6.1.101 10.6.1.102
Tcpip\..\Interfaces\{2CD635BC-E781-4274-B67C-F70D05666F27}: [DhcpNameServer] 10.6.1.101 10.6.1.102

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> DefaultScope {AA6B1CEC-2D28-46D3-88F5-DA9E49ADFF11} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140703&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {0513DA1D-1B2F-4BDE-BEAF-591B708BBCB4} URL =
SearchScopes: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001 -> {AA6B1CEC-2D28-46D3-88F5-DA9E49ADFF11} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140703&p={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-09-22] (McAfee)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-09-22] (McAfee)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-09-22] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-09-22] (McAfee)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-09] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-09] (McAfee, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-21] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-21] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-09] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-01-03] ()
FF Plugin HKU\S-1-5-21-1384006192-1193351791-2402037821-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shawn&Stacy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-03] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-14] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0296881448127886mcinstcleanup; C:\Windows\TEMP\029688~1.EXE [882000 2015-06-18] (McAfee, Inc.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-09] (Acer Incorporated)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-11-09] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 OSDSrv; C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe [220672 2013-05-08] () [File not signed]
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 PQAWRwa; C:\Windows\SysWOW64\OSDSrv\PQAWDrv.sys [10464 2011-09-08] () [File not signed]
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 12:57 - 2015-11-22 12:58 - 00017265 _____ C:\Users\Shawn&Stacy\Desktop\FRST.txt
2015-11-21 10:36 - 2015-11-21 10:36 - 00000030 _____ C:\Users\Shawn\defragcheck2.txt
2015-11-21 10:36 - 2015-11-21 10:36 - 00000000 _____ C:\Users\Shawn\prelimcheckup3.txt
2015-11-21 10:36 - 2015-11-21 10:36 - 00000000 _____ C:\Users\Shawn\checkup.txt
2015-11-21 10:33 - 2015-11-21 10:36 - 00000823 _____ C:\Users\Shawn\prelimcheckup2.txt
2015-11-21 10:33 - 2015-11-21 10:36 - 00000506 _____ C:\Users\Shawn\defragcheck.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001618 _____ C:\Users\Shawn\notcheckup32.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001587 _____ C:\Users\Shawn\notcheckup31.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001556 _____ C:\Users\Shawn\notcheckup30.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001525 _____ C:\Users\Shawn\notcheckup29.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001494 _____ C:\Users\Shawn\notcheckup28.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001463 _____ C:\Users\Shawn\notcheckup27.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001432 _____ C:\Users\Shawn\notcheckup26.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001401 _____ C:\Users\Shawn\notcheckup25.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001370 _____ C:\Users\Shawn\notcheckup24.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001339 _____ C:\Users\Shawn\notcheckup23.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001308 _____ C:\Users\Shawn\notcheckup22.txt
2015-11-21 10:33 - 2015-11-21 10:33 - 00001277 _____ C:\Users\Shawn\notcheckup21.txt
2015-11-21 10:29 - 2015-11-21 10:29 - 00852720 _____ C:\Users\Shawn&Stacy\Desktop\SecurityCheck.exe
2015-11-21 10:28 - 2015-11-21 10:28 - 00852720 _____ C:\Users\Shawn&Stacy\Desktop\SecurityCheck.exe.56owbgi.partial
2015-11-21 10:20 - 2015-11-21 10:33 - 00001246 _____ C:\Users\Shawn\notcheckup20.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001215 _____ C:\Users\Shawn\notcheckup19.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001184 _____ C:\Users\Shawn\notcheckup18.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001153 _____ C:\Users\Shawn\notcheckup17.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001122 _____ C:\Users\Shawn\notcheckup16.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001091 _____ C:\Users\Shawn\notcheckup15.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001060 _____ C:\Users\Shawn\notcheckup14.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00001029 _____ C:\Users\Shawn\notcheckup13.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000998 _____ C:\Users\Shawn\notcheckup12.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000967 _____ C:\Users\Shawn\notcheckup11.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000936 _____ C:\Users\Shawn\notcheckup10.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000906 _____ C:\Users\Shawn\notcheckup9.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000876 _____ C:\Users\Shawn\notcheckup8.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000846 _____ C:\Users\Shawn\notcheckup7.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000816 _____ C:\Users\Shawn\notcheckup6.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000786 _____ C:\Users\Shawn\notcheckup5.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000756 _____ C:\Users\Shawn\notcheckup4.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000726 _____ C:\Users\Shawn\notcheckup3.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000696 _____ C:\Users\Shawn\notcheckup2.txt
2015-11-21 10:20 - 2015-11-21 10:33 - 00000667 _____ C:\Users\Shawn\notcheckup.txt
2015-11-17 09:35 - 2015-11-21 10:33 - 00001029 _____ C:\Users\Shawn\process40.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00001001 _____ C:\Users\Shawn\process39.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000973 _____ C:\Users\Shawn\process38.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000945 _____ C:\Users\Shawn\process37.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000917 _____ C:\Users\Shawn\process36.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000889 _____ C:\Users\Shawn\process35.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000861 _____ C:\Users\Shawn\process34.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000833 _____ C:\Users\Shawn\process33.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000805 _____ C:\Users\Shawn\process32.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000777 _____ C:\Users\Shawn\process31.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000749 _____ C:\Users\Shawn\process30.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000721 _____ C:\Users\Shawn\process29.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000693 _____ C:\Users\Shawn\process28.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000665 _____ C:\Users\Shawn\process27.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000637 _____ C:\Users\Shawn\process26.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000609 _____ C:\Users\Shawn\process25.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000581 _____ C:\Users\Shawn\process24.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000553 _____ C:\Users\Shawn\process23.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000525 _____ C:\Users\Shawn\process22.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000497 _____ C:\Users\Shawn\process21.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000469 _____ C:\Users\Shawn\process20.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000441 _____ C:\Users\Shawn\process19.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000413 _____ C:\Users\Shawn\process18.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000385 _____ C:\Users\Shawn\process17.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000357 _____ C:\Users\Shawn\process16.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000329 _____ C:\Users\Shawn\process15.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000301 _____ C:\Users\Shawn\process14.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000273 _____ C:\Users\Shawn\process13.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000245 _____ C:\Users\Shawn\process12.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000217 _____ C:\Users\Shawn\process11.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000189 _____ C:\Users\Shawn\process10.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000162 _____ C:\Users\Shawn\process9.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000135 _____ C:\Users\Shawn\process8.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000108 _____ C:\Users\Shawn\process7.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000081 _____ C:\Users\Shawn\process6.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000054 _____ C:\Users\Shawn\process5.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000027 _____ C:\Users\Shawn\process4.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\tb2.txt
2015-11-17 09:31 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\process2.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00002147 _____ C:\Users\Shawn\Vista7FirewallCheck1.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000635 _____ C:\Users\Shawn\prelimcheckup.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000392 _____ C:\Users\Shawn\prelimproccheck.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000346 _____ C:\Users\Shawn\wscsvc1.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000230 _____ C:\Users\Shawn\AVDisplayName.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000165 _____ C:\Users\Shawn\Vista7FirewallCheck2.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000098 _____ C:\Users\Shawn\AVstate.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000067 _____ C:\Users\Shawn\prelimspycheck2.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000024 _____ C:\Users\Shawn\x64SPcheck.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000024 _____ C:\Users\Shawn\OS1check.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000022 _____ C:\Users\Shawn\UAC2.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\UAC.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\prelimspycheck.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\IEversion.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\flashcheck.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\ff2.txt
2015-11-17 09:30 - 2015-11-21 10:33 - 00000000 _____ C:\Users\Shawn\check.txt
2015-11-17 09:30 - 2015-11-17 06:30 - 00000035 _____ C:\Users\Shawn\hostcopy.txt
2015-11-17 06:48 - 2015-10-14 16:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-17 06:48 - 2015-10-14 16:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-17 06:48 - 2015-10-14 16:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-17 06:48 - 2015-10-14 16:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-17 06:48 - 2015-10-14 16:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-15 15:58 - 2015-11-15 15:58 - 00000000 ____D C:\Users\Shawn&Stacy\Documents\My Print Creations
2015-11-15 15:58 - 2015-11-15 15:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Arcsoft
2015-11-15 15:58 - 2015-11-15 15:58 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\ArcSoft
2015-11-15 15:58 - 2015-11-15 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
2015-11-15 15:58 - 2015-11-15 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2015-11-15 15:58 - 2015-11-15 15:58 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-15 15:57 - 2015-11-15 15:57 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2015-11-15 15:55 - 2015-10-17 07:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-15 15:55 - 2015-10-13 08:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-15 15:55 - 2015-10-13 08:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-15 15:55 - 2015-10-13 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-15 15:55 - 2015-10-13 08:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-15 15:55 - 2015-10-13 08:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-15 15:55 - 2015-10-13 08:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-15 15:55 - 2015-10-10 23:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-15 15:55 - 2015-10-10 23:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-15 15:55 - 2015-10-10 11:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-15 15:55 - 2015-10-10 11:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-15 15:55 - 2015-10-10 11:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-15 15:55 - 2015-10-10 10:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-15 15:55 - 2015-10-10 10:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-15 15:55 - 2015-10-10 10:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-15 15:55 - 2015-10-10 09:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-15 15:53 - 2015-10-15 09:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-15 15:53 - 2015-10-15 08:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-15 15:53 - 2015-10-13 10:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-15 15:53 - 2015-10-13 10:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-15 15:53 - 2015-09-12 06:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-15 15:53 - 2015-08-28 15:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-15 15:51 - 2015-10-08 09:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-15 15:51 - 2015-08-10 11:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-15 15:51 - 2015-08-10 11:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-15 15:51 - 2015-08-10 10:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-15 15:51 - 2015-08-10 09:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-15 15:51 - 2015-08-10 09:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-15 15:51 - 2014-11-10 11:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-15 15:47 - 2015-10-20 14:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-15 15:47 - 2015-10-20 07:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-15 15:47 - 2015-10-20 07:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-15 15:47 - 2015-10-20 07:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-15 15:47 - 2015-10-20 07:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-15 15:47 - 2015-10-20 07:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-15 15:47 - 2015-10-20 07:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-15 15:47 - 2015-10-20 07:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-15 15:47 - 2015-10-20 07:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-15 15:47 - 2015-10-20 07:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-15 15:47 - 2015-10-20 07:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-15 15:47 - 2015-10-20 07:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-15 15:46 - 2015-10-30 16:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-15 15:46 - 2015-10-30 16:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-15 15:46 - 2015-10-30 16:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-15 15:46 - 2015-10-30 16:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-15 15:46 - 2015-10-30 16:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-15 15:46 - 2015-10-30 15:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-15 15:46 - 2015-10-30 15:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-15 15:46 - 2015-10-30 15:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-15 15:46 - 2015-10-30 15:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-15 15:46 - 2015-10-30 15:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-15 15:46 - 2015-10-30 15:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-15 15:46 - 2015-10-30 15:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-15 15:46 - 2015-10-30 15:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-15 15:46 - 2015-10-30 15:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-15 15:46 - 2015-10-30 15:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-15 15:46 - 2015-10-30 15:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-15 15:46 - 2015-10-30 15:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-15 15:46 - 2015-10-30 15:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-15 15:46 - 2015-10-30 15:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-15 15:46 - 2015-10-30 14:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-15 15:46 - 2015-10-30 14:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-15 15:46 - 2015-10-30 14:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-15 15:46 - 2015-10-30 14:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-15 15:46 - 2015-09-29 05:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-15 15:46 - 2015-09-07 09:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-15 15:46 - 2015-09-07 08:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-15 15:46 - 2015-09-07 08:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-15 15:46 - 2015-09-04 12:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-15 15:46 - 2015-08-20 13:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-15 15:46 - 2015-08-20 10:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-15 15:46 - 2014-11-04 18:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-15 15:46 - 2014-11-04 18:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-15 15:31 - 2015-11-21 10:13 - 00000000 ____D C:\Users\Shawn&Stacy\Desktop\FRST-OlderVersion
2015-11-15 14:27 - 2015-11-15 15:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 14:27 - 2015-11-15 14:27 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-15 14:27 - 2015-11-15 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-15 14:27 - 2015-11-15 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-15 14:27 - 2015-11-15 14:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-15 14:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-15 14:27 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-15 14:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-15 14:20 - 2015-11-15 14:24 - 00000000 ____D C:\AdwCleaner
2015-11-15 13:36 - 2015-11-15 13:36 - 00011776 ___SH C:\Users\Shawn&Stacy\Desktop\Thumbs.db
2015-11-15 12:48 - 2015-11-15 11:11 - 01801288 _____ (Malwarebytes) C:\Users\Shawn&Stacy\Desktop\JRT.exe
2015-11-15 12:48 - 2015-11-15 11:11 - 01732096 _____ C:\Users\Shawn&Stacy\Desktop\AdwCleaner.exe
2015-11-11 15:52 - 2015-11-11 15:52 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-11-11 14:17 - 2015-11-21 10:13 - 02345984 _____ (Farbar) C:\Users\Shawn&Stacy\Desktop\FRST64.exe
2015-11-04 17:00 - 2015-11-22 12:57 - 00000000 ____D C:\FRST
2015-11-03 14:29 - 2015-11-03 14:29 - 00006958 _____ C:\Users\SHAWNmgn_service-remove_00.log
2015-11-03 14:29 - 2015-11-03 14:29 - 00001627 _____ C:\Users\Shawn\g2ax_uninstaller_customer.log
2015-11-03 14:29 - 2015-11-03 14:29 - 00001185 _____ C:\Users\SHAWNmgn_service-force_shutdown_00.log
2015-11-03 14:16 - 2015-11-03 14:29 - 00304606 _____ C:\Users\SHAWNGoToAssist Remote Support Customer_00.LOG
2015-11-03 14:16 - 2015-11-03 14:29 - 00004604 _____ C:\Users\SHAWNmgn_service-service_00.log
2015-11-03 14:16 - 2015-11-03 14:16 - 00007348 _____ C:\Users\SHAWNmgn_service-install_manual_00.log
2015-11-03 14:16 - 2015-11-03 14:16 - 00001438 _____ C:\Users\SHAWNmgn_service-start_session_00.log
2015-11-03 14:15 - 2015-11-03 14:29 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-11-03 14:15 - 2015-11-03 14:15 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Citrix
2015-11-01 19:35 - 2015-11-03 14:00 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-11-01 19:30 - 2015-11-01 19:31 - 00000000 ___HD C:\$Windows.~BT
2015-11-01 18:55 - 2015-11-01 18:55 - 00000485 _____ C:\Users\Shawn&Stacy\Desktop\Administrative Tools - Shortcut.lnk
2015-11-01 18:28 - 2015-11-01 18:28 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\Google
2015-10-31 07:46 - 2013-08-22 06:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-31 07:39 - 2015-10-31 07:39 - 00000000 ____D C:\Users\Shawn\AppData\Local\KodakGallery
2015-10-28 16:43 - 2015-11-22 03:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-28 16:43 - 2015-11-21 10:11 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-28 16:40 - 2015-10-28 16:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-10-26 03:29 - 2015-10-26 03:29 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 12:56 - 2014-02-21 04:32 - 01848754 _____ C:\Windows\WindowsUpdate.log
2015-11-22 12:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-22 03:53 - 2014-02-21 04:48 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-22 03:18 - 2014-07-03 16:55 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384006192-1193351791-2402037821-1001
2015-11-22 03:09 - 2014-07-03 16:56 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A89C9A3A-19B4-4FA1-937E-D2CB8095155A}
2015-11-21 11:44 - 2015-07-22 18:29 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-21 11:44 - 2013-09-17 23:03 - 00000000 ____D C:\ProgramData\McAfee
2015-11-21 11:43 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-11-21 10:57 - 2015-06-26 07:28 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-11-21 10:36 - 2014-07-05 14:02 - 00000000 ____D C:\Users\Shawn
2015-11-21 10:33 - 2014-07-03 16:49 - 00000000 ____D C:\Users\Shawn&Stacy
2015-11-21 10:32 - 2014-07-03 17:40 - 00000000 ___DO C:\Users\Shawn&Stacy\SkyDrive
2015-11-21 10:31 - 2013-08-22 07:46 - 00030819 _____ C:\Windows\setupact.log
2015-11-21 10:31 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-21 10:30 - 2013-09-17 22:48 - 00066678 _____ C:\Windows\PFRO.log
2015-11-21 10:30 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-21 10:17 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-21 10:13 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-21 10:11 - 2014-07-03 16:52 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Local\clear.fi
2015-11-17 09:46 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-16 13:07 - 2015-07-25 13:12 - 00000438 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2015-11-16 13:07 - 2013-08-22 07:44 - 00363320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 12:39 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-15 16:09 - 2014-07-05 13:59 - 00000000 ____D C:\Windows\system32\MRT
2015-11-15 16:05 - 2014-07-05 13:59 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-15 15:59 - 2015-07-25 13:27 - 04747264 ____R C:\Users\Public\Documents\ESBK.mbb
2015-11-15 15:59 - 2015-07-25 13:27 - 02023424 ____R C:\Users\Public\Documents\ESBK.mb
2015-11-15 15:58 - 2014-02-21 04:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-15 15:57 - 2015-07-25 13:16 - 00017108 _____ C:\Windows\DPINST.LOG
2015-11-15 15:55 - 2015-07-25 13:14 - 00002126 _____ C:\Users\Public\Desktop\Kodak EasyShare.lnk
2015-11-15 15:54 - 2015-07-25 13:12 - 00003020 _____ C:\Windows\System32\Tasks\EasyShare Registration Task
2015-11-15 15:25 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\FileManager
2015-11-15 13:38 - 2013-09-17 22:55 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 17:23 - 2015-10-14 07:22 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-02 17:23 - 2015-10-14 07:22 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 19:36 - 2013-09-17 23:47 - 00000000 ____D C:\Windows\Panther
2015-11-01 18:19 - 2014-07-05 15:03 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{644AD842-6A1E-41E8-A61F-A97471BA9E31}
2015-11-01 18:14 - 2014-07-05 14:29 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384006192-1193351791-2402037821-1004
2015-11-01 18:04 - 2014-07-05 14:25 - 00000000 ____D C:\Users\Shawn\Documents\Bluetooth Folder
2015-11-01 18:03 - 2014-08-09 18:32 - 00000000 ___DO C:\Users\Shawn\OneDrive
2015-11-01 14:48 - 2014-11-24 18:18 - 00000000 ____D C:\Users\Shawn&Stacy\AppData\Roaming\Skype
2015-11-01 13:54 - 2014-07-03 16:51 - 00000000 ____D C:\Users\Shawn&Stacy\Documents\Bluetooth Folder
2015-10-31 07:33 - 2014-07-03 16:50 - 00000000 ____D C:\ProgramData\OEM
2015-10-31 07:26 - 2014-07-05 14:25 - 00000000 ____D C:\Users\Shawn\AppData\Local\clear.fi
2015-10-26 03:29 - 2013-09-17 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-10-26 03:28 - 2015-07-22 04:20 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-10-26 03:28 - 2013-09-17 23:42 - 00000000 ___HD C:\OEM

==================== Files in the root of some directories =======

2014-09-22 19:15 - 2014-09-22 19:15 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-11 15:52 - 2015-11-11 15:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-03 17:03 - 2014-07-03 17:03 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-22 03:06

==================== End of FRST.txt ============================

Here is the Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Shawn&Stacy (2015-11-22 12:59:23)
Running from C:\Users\Shawn&Stacy\Desktop
Windows 8.1 (X64) (2014-07-03 23:49:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1384006192-1193351791-2402037821-500 - Administrator - Disabled)
Guest (S-1-5-21-1384006192-1193351791-2402037821-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1384006192-1193351791-2402037821-1003 - Limited - Enabled)
Shawn (S-1-5-21-1384006192-1193351791-2402037821-1004 - Limited - Enabled) => C:\Users\Shawn
Shawn&Stacy (S-1-5-21-1384006192-1193351791-2402037821-1001 - Administrator - Enabled) => C:\Users\Shawn&Stacy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated)
Acer PanelOnOff (HKLM-x32\...\{55F2D48B-6022-4722-9B55-47CC4FA7DBD6}) (Version: 1.0.3.822 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3004 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3013 - Acer Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{D32B2CEB-7220-9558-DF92-787B0E715684}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FlextimePlayer1.0.3 (HKLM-x32\...\{AEAC4397-9CE9-4DCE-850C-8E0AF7728DDF}) (Version: 1.0.3 - south-star)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4132 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{E142AB79-FD0D-34F7-8D4D-56E78C536467}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{BFD96B89-B769-4CD6-B11E-E79FFD46F067}) (Version: 7.4.1.14 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-11-2015 06:29:40 Restore Point Created by FRST
21-11-2015 10:13:35 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-11-17 06:30 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17511F17-937C-43E8-8E5D-B2AF1C8179C8} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {1EA9290B-1691-4E16-97FF-FEE3A785C614} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-15] (Microsoft Corporation)
Task: {3A374187-C67C-4EF7-BAC2-1AA82CEDAA48} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {4B9D7097-EB42-4502-AE86-9798B9475DDE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {4FC81656-989E-49A3-B41E-E553D23F29DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-21] (Adobe Systems Incorporated)
Task: {6C05B76E-812C-47A3-9DBB-546574A95880} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-08-12] (Acer Incorporated)
Task: {6CE13A9A-CF04-49E2-AE19-67D7039423E2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {74F4637D-B0CD-4FD7-87B2-E8C3268EC013} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: {78710094-4D08-4701-93AD-98CFE5EE564D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {7D1E590C-B816-4C65-BBEA-580C1CBB9E29} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {82CA3464-8725-4207-8B6D-1D9B3FBF3C46} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-08-26] (Acer Incorporated)
Task: {9307E414-2143-40D7-A6C5-861529E57DC6} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated)
Task: {AD2E9353-B0FB-46BA-9D70-457BC78B7956} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {BCD4D772-64BF-4C04-AC41-D5F033F40B89} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {BF11D8DA-B994-4F42-91F4-08DF5A707577} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {D5F43C43-FC2F-4990-9EDD-A654824AD4B2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer)
Task: {ED2BBB2F-62F5-4A24-9D7A-9B0ADA401684} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt [email protected]
Task: {F1324A3F-8C98-4B6A-B12C-1B2411F02AD2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt

==================== Loaded Modules (Whitelisted) ==============

2014-02-21 04:46 - 2013-05-08 10:21 - 00220672 _____ () C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
2013-01-29 13:28 - 2013-01-29 13:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 13:28 - 2013-01-29 13:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-28 17:12 - 2014-10-28 17:12 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2013-01-29 13:28 - 2013-01-29 13:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2013-09-25 04:04 - 2013-09-25 04:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 04:08 - 2013-09-25 04:08 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-09-16 13:58 - 2015-09-16 13:58 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-21 10:29 - 2015-11-21 10:29 - 00852720 _____ () C:\Users\Shawn&Stacy\Desktop\SecurityCheck.exe
2015-07-11 14:19 - 2015-07-11 14:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2011-02-23 17:24 - 2015-11-15 15:58 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 17:23 - 2015-11-15 15:58 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 17:21 - 2015-11-15 15:58 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 17:19 - 2015-11-15 15:58 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 17:38 - 2015-11-15 15:58 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:15 - 2015-11-15 15:58 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 17:39 - 2015-11-15 15:58 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 17:11 - 2015-11-15 15:58 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2015-11-15 15:58 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 17:37 - 2015-11-15 15:58 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 17:17 - 2015-11-15 15:58 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 18:00 - 2015-11-15 15:58 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:24 - 2015-11-15 15:58 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 17:15 - 2015-11-15 15:58 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 18:55 - 2015-11-15 15:58 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2015-11-15 15:58 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:20 - 2015-11-15 15:58 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:21 - 2015-11-15 15:58 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:19 - 2015-11-15 15:58 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2015-11-15 15:58 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2015-11-15 15:58 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2015-11-15 15:58 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2009-09-28 21:19 - 2015-11-15 15:58 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2011-02-23 18:04 - 2015-11-15 15:58 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 17:38 - 2015-11-15 15:58 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 17:36 - 2015-11-15 15:58 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 17:15 - 2015-11-15 15:58 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 15:25 - 2015-11-15 15:58 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 19:02 - 2015-11-15 15:58 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 18:01 - 2015-11-15 15:58 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 18:05 - 2015-11-15 15:58 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 17:55 - 2015-11-15 15:58 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 19:00 - 2015-11-15 15:58 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:16 - 2015-11-15 15:58 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2015-09-16 13:58 - 2015-09-16 13:58 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-02-21 05:16 - 2013-07-30 19:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-09-14 16:46 - 2015-09-14 16:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-10-26 03:28 - 2015-10-26 03:28 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-09-10 13:51 - 2015-09-10 13:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-09-10 13:43 - 2015-09-10 13:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1384006192-1193351791-2402037821-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2015 10:53:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a
Faulting module name: msksrvr.dll_unloaded, version: 15.0.4006.0, time stamp: 0x558790e7
Exception code: 0xc0000005
Fault offset: 0x000000000000569b
Faulting process id: 0xab4
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

Error: (11/21/2015 10:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUICnt.exe, version: 7.0.4063.0, time stamp: 0x55aee23f
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x000000000004334a
Faulting process id: 0x17cc
Faulting application start time: 0xMcUICnt.exe0
Faulting application path: McUICnt.exe1
Faulting module path: McUICnt.exe2
Report Id: McUICnt.exe3
Faulting package full name: McUICnt.exe4
Faulting package-relative application ID: McUICnt.exe5

Error: (11/21/2015 10:13:32 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {84db0582-0535-471c-8279-1cebd9f33389}

Error: (11/17/2015 06:55:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/17/2015 06:29:38 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5af8d162-fb35-452c-9427-3b196f3ea2a7}

Error: (11/15/2015 00:49:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1fb92a74-a1f5-4c6c-a940-bd51cac4d47b}

Error: (11/11/2015 03:39:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5bd8ae48-09e7-4dea-978b-278631c99c07}

Error: (11/11/2015 03:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DV.exe, version: 1.0.0.0, time stamp: 0x55e96721
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe0434352
Fault offset: 0x00015b68
Faulting process id: 0x188c
Faulting application start time: 0xDV.exe0
Faulting application path: DV.exe1
Faulting module path: DV.exe2
Report Id: DV.exe3
Faulting package full name: DV.exe4
Faulting package-relative application ID: DV.exe5

Error: (11/11/2015 03:12:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DV.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
Stack:

Server stack trace:
   at System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod(Boolean bThrowIfNotResolved)
   at System.Runtime.Remoting.Messaging.MethodCall..ctor(Object handlerObject, BinaryMethodCallMessage smuggledMsg)
   at System.Runtime.Serialization.Formatters.Binary.BinaryMethodCall.ReadArray(Object[] callA, Object handlerObject)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at demoforupdaterwindow.App.Main()

Error: (11/11/2015 03:10:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x562fc085
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xfc0
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

System errors:
=============
Error: (11/21/2015 10:57:51 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053HomeNetSvcUnavailable{89105939-0E55-4F63-82F2-7EF170402AD1}

Error: (11/21/2015 10:57:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Home Network service failed to start due to the following error:
%%1053

Error: (11/21/2015 10:57:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.

Error: (11/21/2015 10:57:50 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053HomeNetSvcUnavailable{89105939-0E55-4F63-82F2-7EF170402AD1}

Error: (11/21/2015 10:57:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Home Network service failed to start due to the following error:
%%1053

Error: (11/21/2015 10:57:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.

Error: (11/21/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error:
%%1053

Error: (11/21/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

Error: (11/21/2015 10:55:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (11/21/2015 10:55:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

CodeIntegrity:
===================================
  Date: 2015-11-01 13:18:28.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:18:28.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:14:06.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:14:05.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:09:43.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:09:42.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:07:16.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:07:15.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:05:33.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 13:05:32.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 3516.92 MB
Available physical RAM: 2343.23 MB
Total Virtual: 4668.92 MB
Available Virtual: 2373.27 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.63 GB) (Free:408.04 GB) NTFS
Drive e: (Voyager) (Removable) (Total:15.12 GB) (Free:14.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A96AE5F6)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

The PC seems to be running okay.


#22
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi RobkBriggs
 

The PC seems to be running okay.


Excellent Stuff!

I believe SecurityCheck is not supported on Windows 8.1. There are a number of txt files it has created in the folder C:\Users\Shawn. It will be safe enough to delete these.

Subject to no further problems...


Good News! - Your system now appears to be clean. :)
Now for some clean up and "housekeeping" procedures.

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings

  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


    Staying Protected

    Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
  • Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
  • Tap or click Choose how updates get installed.
  • Under Important updates, choose the option "Install updates automatically (recommended)."
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box.


    Malwarebytes - Update and run weekly to keep your system clean.


    Additional software

    Crypto Warning!!!! - Complete Data Loss can occur!

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu... and select Check for Updates to see if there are any, as this infection has serious consequences.


    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
  • Download Unchecky to your desktop
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish
  • Unchecky is now installed and will help you keep unwanted check boxes unchecked


    Some useful Tips and Reading
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities; these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation; it is common for unwanted software to be installed in this way.


    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    It's been a pleasure working with you. Thanks for sticking with it. :)

    Don't forget to post your Delfix log!

    Regards
    Bruce

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

