Hi, my name is Mark and I have a Acer laptop with Windows 8.1 64 bit purchased which is used at my sister's home that needs some help. Seven years ago I covered to Macs, but did buy this laptop for her to help with simple internet, photos, and some word processing.
The computer was initially infected by a virus near the original purchase date (a year ago) when my brother in law attempted to download software for a Nokia phone and installed a *.exe file which wasn't what it was supposed to be . At that time, everything was resolved, but more issues arose since then. I'm not sure if the new issues are related to the original problem, to instances of downloading since, or due to the original software that Acer supplied.
Currently the biggest issues are overall slowness of the computer, and pop up issues with IE. When a link is clicked in IE, a new window pops up with the proper link and the old window is redirected to Adware type pages.
I've read through some of the data on here, and ran FSRT64. I did try run ASWMBR.exe also, but it locked up the computer while downloading the files. I am using my MacBook to discuss on this board as I don't want to deal with the pop ups on the windows computer.
The text files follow:
FSRT text file
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Kelly (administrator) on THXMARK (26-12-2015 04:29:49)
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available Profiles: Kelly)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe
() C:\Program Files\003\xmkysecqun64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\MountPoints2: {3cd400c5-c2e9-11e3-8259-201a06d47b2a} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
Startup: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 64.59.176.16 64.59.176.228
Tcpip\..\Interfaces\{2369C8D1-2502-4C6B-8035-0E2C4E4D03A9}: [DhcpNameServer] 64.59.176.16 64.59.176.228
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {5849260C-311F-4374-A230-D509DCE0562A} URL =
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {807189FD-86C7-4BCF-A29F-DCF552204EFD} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA662D20150112&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-25] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-27] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [
[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-02] [not signed]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-16] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R2 SupraSavingsService64; C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-12] () [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-26 04:29 - 2015-12-26 04:30 - 00018866 _____ C:\Users\Kelly\Desktop\FRST.txt
2015-12-26 04:17 - 2015-12-26 04:17 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-12-26 04:17 - 2015-12-26 04:17 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-12-26 04:13 - 2015-12-26 04:13 - 00002001 _____ C:\Users\Public\Desktop\abMedia.lnk
2015-12-26 04:13 - 2015-12-26 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-26 04:10 - 2015-12-26 04:10 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-12-25 20:22 - 2015-12-25 20:22 - 00282368 _____ C:\Windows\Minidump\122515-56968-01.dmp
2015-12-25 20:11 - 2015-12-25 20:11 - 00287424 _____ C:\Windows\Minidump\122515-39093-01.dmp
2015-12-25 19:55 - 2015-12-26 04:29 - 00000000 ____D C:\FRST
2015-12-25 19:55 - 2015-12-25 19:55 - 02370560 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-12-25 19:51 - 2015-12-26 04:28 - 00000000 ____D C:\Users\Kelly\Desktop\Mark
2015-12-02 10:58 - 2015-11-16 12:32 - 00919040 _____ (Farbar) C:\Windows\mod_frst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-21 07:36 - 2014-01-17 12:18 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 01:34 - 2014-01-17 12:18 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-12-26 04:24 - 2015-05-18 14:24 - 00000935 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {31067C44-998A-4825-A8E8-465995EFCB9A}.job
2015-12-26 04:24 - 2015-05-18 14:24 - 00000749 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {31067C44-998A-4825-A8E8-465995EFCB9A}.job
2015-12-26 04:22 - 2014-04-12 20:10 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2808045357-1269114698-59485828-1001
2015-12-26 04:19 - 2015-05-18 14:19 - 00000935 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job
2015-12-26 04:19 - 2015-05-18 14:19 - 00000749 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job
2015-12-26 04:17 - 2014-01-17 12:36 - 00000000 ____D C:\ProgramData\OEM
2015-12-26 04:16 - 2013-10-31 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-12-26 04:14 - 2014-04-12 20:06 - 00000000 ____D C:\Users\Kelly\AppData\Local\clear.fi
2015-12-26 04:10 - 2014-04-12 20:21 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D343BE86-5955-4EC9-8820-9DCD5203D04E}
2015-12-26 04:10 - 2013-10-31 05:23 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 04:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2015-12-25 20:22 - 2014-06-23 21:33 - 00000000 ____D C:\Windows\Minidump
2015-12-25 20:22 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 20:21 - 2014-06-23 21:33 - 600677672 _____ C:\Windows\MEMORY.DMP
2015-12-25 20:21 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-25 20:18 - 2013-10-31 05:35 - 00000000 ____D C:\Program Files (x86)\Acer
2015-12-25 20:17 - 2015-10-02 18:06 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-12-25 20:17 - 2013-10-31 06:07 - 00000000 ___HD C:\OEM
2015-12-25 20:15 - 2014-06-27 20:37 - 00000000 ____D C:\Program Files\SupraSavings
2015-12-25 20:08 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-25 20:06 - 2014-04-12 20:03 - 00000000 ____D C:\Users\Kelly
2015-12-25 19:58 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-25 19:57 - 2014-04-24 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-25 19:43 - 2014-04-12 21:11 - 00000000 ____D C:\Users\Kelly\AppData\Local\CrashDumps
2015-12-25 19:43 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
==================== Files in the root of some directories =======
2014-01-17 12:19 - 2014-01-17 12:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Kelly\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kelly\AppData\Local\Temp\nsa1C70.exe
C:\Users\Kelly\AppData\Local\Temp\nsd8C57.exe
C:\Users\Kelly\AppData\Local\Temp\nszF609.exe
C:\Users\Kelly\AppData\Local\Temp\RegClean6.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-25 01:16
==================== End of FRST.txt ============================
And here is the Additions text file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Kelly (2015-12-26 04:31:13)
Running from C:\Users\Kelly\Desktop
Windows 8.1 (X64) (2014-04-13 02:03:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2808045357-1269114698-59485828-500 - Administrator - Disabled)
Guest (S-1-5-21-2808045357-1269114698-59485828-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2808045357-1269114698-59485828-1003 - Limited - Enabled)
Kelly (S-1-5-21-2808045357-1269114698-59485828-1001 - Administrator - Enabled) => C:\Users\Kelly
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2001 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{8FAAC5E4-3361-726A-9F42-F0414FD1D3BC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.13.2000.0 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{E3AE2D4D-5274-CE6B-5434-64DA3131A301}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1562DA83-1FDC-4F03-B10F-96A276BAAD91} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {16F4AEB5-B144-4EC4-B525-55069FD981DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {2072BE56-4BF8-424C-AF2B-5D622BCDC406} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-25] (Microsoft Corporation)
Task: {356D76DF-304F-4DAE-9A36-2B24D5516D25} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {3978E11A-5DDA-4EB9-9EBA-3CDDD1BBC093} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {3A93336C-435A-4797-9EFC-F5148CDE2F4C} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {41963EE3-966F-40D8-A47F-FD7B247E7327} - System32\Tasks\EPSON XP-310 Series Update {31067C44-998A-4825-A8E8-465995EFCB9A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {4B4C11F2-7EF4-4006-BB05-80EB62A3CF09} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {7998CD26-A5E6-41AC-8708-3C419A1A61E2} - System32\Tasks\EPSON XP-310 Series Update {E335AE50-3E8F-45F8-8C79-148BF61A5C0B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {7EF2B324-3090-45C8-9998-F457E24298BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {7F5B3F4C-5088-4A57-85FC-537DD62E82C9} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-11-17] (Acer Incorporated)
Task: {80AB6B45-E031-401C-8D10-0AA9FB1A3543} - System32\Tasks\EPSON XP-310 Series Invitation {E335AE50-3E8F-45F8-8C79-148BF61A5C0B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {8A2D3200-BE61-4953-9F58-168252E84FAA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {8A6ACFD4-74DD-455A-8FE9-EB519D228864} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-11-19] (Acer)
Task: {92A13E58-98B8-465F-9F2C-631FD8CF6104} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {96FB154E-866D-4C08-A26B-8DF9A43FD015} - System32\Tasks\EPSON XP-310 Series Invitation {31067C44-998A-4825-A8E8-465995EFCB9A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {9A15112D-59B1-47B9-B534-6D9B3C642B1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9CA42D7-F971-44DF-AC7C-4578C4ED2D0E} - System32\Tasks\{5B2E45CA-A54D-4A12-B8CF-33505D1885EF} => pcalua.exe -a c:\users\kelly\appdata\local\genesis\genesis.exe -c /x
Task: {DC0EAD64-C5DD-4715-BD60-58D44731EF07} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {EA9741BE-15AA-4EBB-97E4-FE58BF11A04A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {EF820362-7241-48FD-A780-29C217026067} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {FCFD51BA-BB40-45F5-8FC9-1CCDE910F27C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {31067C44-998A-4825-A8E8-465995EFCB9A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {31067C44-998A-4825-A8E8-465995EFCB9A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{31067C44-998A-4825-A8E8-465995EFCB9A} /F:UpdateWORKGROUP\THXMARK$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{E335AE50-3E8F-45F8-8C79-148BF61A5C0B} /F:UpdateWORKGROUP\THXMARK$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\PRIVATE WiFi.lnk -> C:\Program Files\PRIVATE WiFi\StartURL.exe () -> hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default
==================== Loaded Modules (Whitelisted) ==============
2015-05-18 00:14 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2015-05-18 00:14 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-05-01 21:51 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-25 11:58 - 2014-06-25 11:58 - 00172544 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe
2014-06-12 13:05 - 2014-06-12 13:05 - 00110080 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\nfapi.dll
2014-06-12 13:05 - 2014-06-12 13:05 - 00456192 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\ProtocolFilters.dll
2014-04-12 20:52 - 2014-04-12 20:52 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2015-12-25 19:56 - 2015-12-25 19:56 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-17 12:41 - 2013-07-30 20:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-07 03:48 - 2013-09-07 03:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 03:45 - 2013-09-07 03:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 03:52 - 2013-09-07 03:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-10-02 18:35 - 2015-10-02 18:35 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-10-02 18:35 - 2015-10-02 18:35 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-10-02 18:35 - 2015-10-02 18:35 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-12 18:22 - 2015-01-12 18:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-11-16 19:55 - 2015-11-16 19:55 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-12-25 20:17 - 2015-12-25 20:17 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-11-17 11:11 - 2015-11-17 11:11 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-11-17 11:10 - 2015-11-17 11:10 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-01-17 12:09 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer05.jpg
DNS Servers: 64.59.176.16 - 64.59.176.228
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Zune Launcher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BFFA409-450E-4BE5-A469-466AC7827211}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{922E27F4-956E-409D-ACE1-46AB77318065}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A29E0482-C000-49F0-AA9D-B7B0097C3C68}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{084429D7-CA06-4343-9D74-D02F29F3E81F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{74BD9934-8BC1-4DEB-98CC-3B2A5C598013}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D177C388-E03D-4388-A7CE-E3BA46FB9755}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0DD5BB29-FA4D-4E4F-B88A-6E6FB4D8583D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FCC79AAE-5D02-44E2-9532-0B2044A2F7C4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1F6B25DC-9D7E-4D73-9113-12C3C20AEB91}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{45A393C7-5066-4BA3-96AE-F2A4267E1B8F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5CD6E776-D31A-4167-8BEF-83F16C1DF927}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{52E4E878-0041-4325-B867-EABCCAFB1AA5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{426F7CEB-E79B-47FD-9293-EBF45F03DD49}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B7905C7A-C8A8-4CBF-A89D-B7A9ED98E5D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7C74BD7A-EEC5-450C-B745-45236CB1CD0E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4FEBA63C-CA31-4C71-8D7E-02BE1B94D179}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{22F5D7E8-A193-4C20-A83C-B30B6F6FED69}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{F6A8F1CA-358C-4F58-80AD-EA7F960C9A95}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B5078F08-254C-4702-9A20-0431AEB47A20}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A4DE871B-B398-48EE-AA2E-DF094EF45DA7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{7DCF3CB8-AFB1-4817-AB4F-1CE7ED43FAB4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{18A6F6C0-92BB-4446-81F0-CDFADDD21F2A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{2E87B8B3-132D-4AE8-9595-69286C667A6C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{725C8631-37E2-4036-BF2F-54E59BE9B6BF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{598EC94A-ACEC-4CB1-ADFE-A6FC1602D3C2}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{931A30F0-687D-442B-8B7E-80FC475A4E8A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{EB9E68B2-E706-430F-A0DB-A75D0DDF31CD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{E1F8EDA7-4F70-4118-800F-ECED61FD60E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{532D5572-DD52-495D-BFA5-7F0504D924FA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{141A6085-6C88-4CDD-B274-7B1AFAD37718}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{658B1647-DB16-4BBE-85BC-683B94923689}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5968D1C0-C583-4CEE-A856-AC9A94DBFD81}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{B92A861F-ACE7-4492-A74F-03FE82779667}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D09CB860-0BFA-4DB0-92C9-81DA9752DF94}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D994D648-30B0-4356-8721-A6EA540DB5E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{6DE56927-6B63-4C5C-8008-01358BB206B0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{0AD987BB-6942-4089-96FC-69A119A4B7E9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{F6A3206C-F4FD-4671-905B-C43A8E296F47}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{73F83046-B8AB-4F5F-A9B3-66AEE3D1C7C8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{18BD759C-2032-4A8B-9C5E-9F8C2261C79F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{DB3D063E-75E9-47C5-973F-4B42FAFE1868}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0D8C2693-EA5F-49DF-BCAC-5BF28F5755C2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7C4F0707-A7E6-4EBF-8F97-0CB4F04057E8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{6518225B-0C66-47F6-ABD1-0D745E7BE551}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{07004C8B-F324-402B-93B5-536D1E9E1CDC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{D16B0265-98BE-4FBE-AB7D-246F6A2AC605}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{9DA8A3FF-7F0C-4477-8FCC-1838B9A8F2B8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{EA7DF738-A312-45A6-B650-6BF6044C4B82}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{60222CF5-7E17-46FB-8A63-BEC9F8DE2FDA}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{5E91BE89-7291-4626-8E9D-0A696C776375}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{4530C427-6EDF-47AD-B569-AA0CBF5D49E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{0545C121-2CDB-45FD-A323-B1DD6D6354AC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{4B96CC36-3984-40F3-BF34-54B44B55A889}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{11FDDA0E-A14E-428B-A4BA-10F8A2F5DE06}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{57869523-AEAF-4EDA-8246-66A10CE48ECE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E8D9444A-45BF-4500-ADE4-E31A3C0B8959}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{9A3D1922-352B-4CDA-A78B-C8E81EA178CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8B565AE8-0753-420A-A316-9F89B601CE5B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{186288F2-4B8C-4A7A-BB14-589CA67C6965}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{11885A87-59E7-4124-8E78-8A9C52677074}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{C72D1B8F-2B76-4927-BB0E-8AA62591221F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA7A8A96-5CA6-4F46-A390-95D0BF9ED8D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BB39883-9ED3-4569-9346-78BD8E345519}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{737032A4-D326-4DF7-A276-3DFCB8E1650C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25CC5C4B-6004-4A38-B6DF-5827159F55C7}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{1ACDCD39-E622-490D-98AC-A1E6E4249E7D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{076E674C-45EB-4226-82C9-EAF661148022}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{74CB31A9-371A-433C-8202-C2528FD41CA7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{857DBC98-1AE9-48ED-A8CD-D3040B2E9D76}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CCEA25E0-7DDE-4F5C-A46F-E09086023CBF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{01A28C42-F0C0-443B-9AE7-881818E0599D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DFC703E2-6A57-4834-A957-47DFAF0BBD7B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C928B943-D360-4091-8529-AE9812EBD006}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{668B05FF-E7FA-4D79-86DD-F18173D3B5B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{89BBE7CD-BE6D-4037-8D4A-B083E3742328}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CDC8F5B6-5812-4712-876D-FCE6F5A87A9B}] => (Allow) C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{66698094-CF3F-4B2F-BAB9-B32F79A4FCC6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CEA7933C-F72C-4ED4-84E9-9DA448B0AFB8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A262D41A-F9F3-4807-9F19-2DF6EE12957D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{61001514-4392-4F5D-89E0-EAE3FA268643}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E65D87AD-2B2F-4B83-B0BF-B371D8D676F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{81EC859D-1526-495D-BAAC-9953A8816B39}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C1C9D281-66D4-44EC-A449-103B4FA99926}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D4CAE85D-AB24-4471-8D2A-188CE26C1A92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{32E2A1E7-7244-4977-BA17-90800F401D0C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{748C0CCB-7503-4CFB-832E-62996D18738C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E8274051-1957-4E79-8D06-D9B70A41B9EC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{4A41AA91-5234-4A63-AE2A-90465A06EA54}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{63B469E4-BFE5-4B95-A8FA-A8C52C580010}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{618049D1-745D-4DB6-94A6-F48BE3618D1D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8A94A434-FC2A-4D12-8920-B5E0F066E8C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{B5E97983-9508-464D-8F4E-F46F54BC44BC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{ED0D6E7E-31B7-4948-BCFF-C04DC7A8BF37}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{E88055FD-DACE-4AE4-959C-4AD794957299}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D8AB689B-7ED1-4BAF-B2FC-8A6F256FDEF0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{E6A561F5-E11F-4E61-B4A0-1E0D5DCCADCA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{819AFEDA-7ECE-415B-A19F-5F60B9B41604}] => (Allow) C:\Users\Kelly\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{65F295A2-F10D-4294-82E1-92E46402F354}] => (Allow) C:\Users\Kelly\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AE94C384-6A56-4497-ADCC-657A23EFAA6C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{351124CC-23CA-4F45-AA58-09B19AC6E36B}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
==================== Restore Points =========================
02-10-2015 17:38:11 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/26/2015 04:27:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ARA.exe version 4.5.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14fc
Start Time: 01d13fc5a0b27026
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
Report Id: 4b73b9f7-abbb-11e5-8270-201a06d47b2a
Faulting package full name:
Faulting package-relative application ID:
Error: (12/26/2015 04:09:12 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: abPhoto -- Error 1704. An installation for abDocs is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (12/25/2015 08:24:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (12/25/2015 08:22:04 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
Error: (12/25/2015 08:06:48 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
Error: (12/25/2015 07:43:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x738
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3
Faulting package full name: updater.exe4
Faulting package-relative application ID: updater.exe5
Error: (12/25/2015 07:43:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.ProcessFile(System.String)
at updater.DownloadMgr.checkJobState(SharpBits.Base.BitsJob)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
Error: (12/25/2015 07:42:43 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (12/25/2015 07:41:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1398656076 ticks; setting correction factor to -1611396308
Error: (10/03/2015 11:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00000000
Faulting process id: 0xcdc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
System errors:
=============
Error: (12/25/2015 08:22:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP122515-56968-01
Error: (12/25/2015 08:22:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:11:46 PM on 2015-12-25 was unexpected.
Error: (12/25/2015 08:11:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP122515-39093-01
Error: (12/25/2015 08:11:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:06:48 PM on 2015-12-25 was unexpected.
Error: (12/25/2015 08:06:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:41:14 PM on 2015-12-25 was unexpected.
Error: (10/02/2015 06:18:47 PM) (Source: DCOM) (EventID: 10010) (User: ThxMark)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (10/02/2015 06:18:17 PM) (Source: DCOM) (EventID: 10010) (User: ThxMark)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/02/2015 06:05:36 PM) (Source: DCOM) (EventID: 10010) (User: ThxMark)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
Error: (10/02/2015 06:03:24 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005
Error: (10/02/2015 06:03:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
==================== Memory info ===========================
Processor: Intel® Core i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 35%
Total physical RAM: 8072.27 MB
Available physical RAM: 5177.66 MB
Total Virtual: 16264.27 MB
Available Virtual: 14110.01 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:914.19 GB) (Free:803.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 28D045ED)
Partition: GPT.
==================== End of Addition.txt ============================