Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Extremely slow laptop

This is a discussion on Extremely slow laptop within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, I have a laptop (mother-in-laws) which is an Aspire 5336 running Windows 7 Home Premium with SP1. This machine


 
 
Thread Tools Search this Thread
Old 07-26-2016, 03:50 AM   #1
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi,
I have a laptop (mother-in-laws) which is an Aspire 5336 running Windows 7 Home Premium with SP1. This machine is running extremely slow, not from initial boot up, but more when any application is being opened, i.e. MS Word, Briefcase, My Computer, etc; anything really, and is as equally slow to close anything. It is as if the computer is constantly hanging due to the execution of some background task.

The machine has McAfee Internet Security Suite on it and is fully legit, as is the OS, etc. What I have also noticed is once an application is finally opened and closed (e.g. Word) it may then respond more normally on subsequent opens, etc.

I have noticed in the taskbar that there is an icon with an exclamation mark, hovering over it brings up the message 'Intel RST service is not running'. I do not know what this is and I am reluctant to do anything with it in case I make the situation worse.

Also in the taskbar there is the usual Action Centre flag. Within this there are 2 items, one being 'Set up backup', the other being 'Solve a problem with McAfee Virus Scan'. When following the McAfee issue through a box comes up headed All Control Panel>Action Centre>Message Details within which it has Most Likely Causes: Your computer was unable to download the solution at this time. Check to make sure your computer is connected to the internet, and then try to download the solution again later.

The computer is connected to the internet so I am not sure what is going on here, but I am very suspicious of McAfee. McAfee itself is reporting no infections, albeit agian very slow to load the control centre. I am wondering if something has infected the machine to interfere with McAfee and inhibit it somehow. My mother-in-law informs me that this has been going on since late June, therefore approx 6 weeks now. She also says she has done nothing untoward, nor can remember installing anything before this happened that would act as a good pointer.

Any help in trying to resolve this would be greatly appreciated. Thanks in advance.

attach.txt is attached and dds.txt is below.

Headly

dds.txt >

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18283
Run by Lavender at 10:59:29 on 2016-07-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3002.999 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\splwow64.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
C:\Windows\splwow64.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5336&r=27360711m445l04e4z105v47921672
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B77B0215-A4B0-4626-9AC9-20E53A5DD50A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B77B0215-A4B0-4626-9AC9-20E53A5DD50A}\244524573796E6563737845726D2438373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B77B0215-A4B0-4626-9AC9-20E53A5DD50A}\244584572633D2B4D44383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B77B0215-A4B0-4626-9AC9-20E53A5DD50A}\35B4958323139343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B77B0215-A4B0-4626-9AC9-20E53A5DD50A}\5416478656271477B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DAE4C1B1-3C7C-4D48-9451-2813ECF5C00A} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-11-4 842536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-11-4 243496]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-16 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-9-3 868896]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-10-26 151648]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-10-18 144560]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-7 599864]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-5-28 163592]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-12-7 989192]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-7 599864]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe [2016-4-18 1903320]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-7 599864]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-7 599864]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-7 599864]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-7 599864]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe [2015-7-5 382456]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-12-20 277744]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe [2016-6-11 1424352]
R2 MyEpson Portal Service;MyEpson Portal Service;C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe [2014-9-22 703984]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-3-4 1029856]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-16 243232]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-11-4 78632]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-16 135560]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-16 139264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-16 384040]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-4-8 419624]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-11-4 349480]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2013-12-20 232688]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-11-4 493352]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2016-2-10 543488]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-5-28 45728]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-16 13336]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-8-1 207968]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-7-25 114688]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2016-2-10 109480]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-16 246304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-11 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
.
=============== Created Last 30 ================
.
2016-07-25 22:00:51 760320 ----a-w- C:\Windows\System32\samsrv.dll
.
==================== Find3M ====================
.
2016-07-25 17:55:05 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-25 17:55:05 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:01:41.38 ===============
Attached Files
File Type: txt attach.txt (8.3 KB, 24 views)
headly is offline  
Sponsored Links
Advertisement
 
Old 07-27-2016, 10:47 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-27-2016, 04:10 PM   #3
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

Thank you for your reply and your time; it's much appreciated.

Both Adwcleaner and FRST64 where downloaded on a seperate machine, transferred to the laptop in question via usb stick, saved on desktop, run, logs saved to usb stick, and posted via separate machine - all due to the very slow response of the lappy. The previous logs and attachment that I posted with my original post where done the same way (sorry, I forgot to mention that).

One other thing. My mother-in-law stated that she thought that Win 10 had started to install, even though she is adamant that she did not request this. I have had the lappy for approx 5 days before logging a request via your forum. In that time I never saw any evidence of this, however when turning the machine on this evening to run these two programs I now have a window with "Your upgrade is ready to install", with two command buttons being (Schedule it for later) (Start the upgrade now). I could not get rid of this and had to run AdwCleaner with this window up. When the machine rebooted after the run of AdwCleaner the window was gone. So, it may be that she has inadvertently actioned an upgrade to Win10. If so, can it be stopped/reversed?

Whilst running FRST64, a window popped up stating that "Your device isn't fully protected" - check McAfee. I am told by the mother-in-law that the subscription is due for renewal in the next 2-3 weeks so it might just be a warning of this. I didn't want to start drilling into this whilst FRST64 was running in case it interfered with it.

Finally, I have 2 FRST64 logs. My apologies, but due to the severe lag in response to any mouse click, I may have executed the program twice (not sure, it is really difficult to ascertain whether anything is happening 5-10 mins after the initial click or double click with nothing but the windows blue infinity cursor spinning).

Additional, whilst typing this McAfee has reported all ok.

AdwCleaner Log :-

# AdwCleaner v5.201 - Logfile created 27/07/2016 at 2339
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Lavender - LAVENDER-PC
# Running from : C:\Users\Lavender\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\Partner

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKLM\SOFTWARE\ImInstaller
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\arcsoft-photoimpression.en.softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dulkizjkkg-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.co.uk
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iZito access denied

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2211 bytes] - [27/07/2016 2339]
C:\AdwCleaner\AdwCleaner[S1].txt - [2321 bytes] - [27/07/2016 22:51:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2357 bytes] ##########


FRST64 Log (1st) :-

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Lavender (administrator) on LAVENDER-PC (27-07-2016 23:38:43)
Running from C:\Users\Lavender\Desktop
Loaded Profiles: Lavender (Available Profiles: Lavender)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\McClientAnalytics.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1119472 2016-05-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3553090992-2084473814-1244584765-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B77B0215-A4B0-4626-9AC9-20E53A5DD50A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DAE4C1B1-3C7C-4D48-9451-2813ECF5C00A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3553090992-2084473814-1244584765-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-3553090992-2084473814-1244584765-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5336&r=27360711m445l04e4z105v47921672
URLSearchHook: HKU\S-1-5-21-3553090992-2084473814-1244584765-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3553090992-2084473814-1244584765-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3553090992-2084473814-1244584765-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB439
SearchScopes: HKU\S-1-5-21-3553090992-2084473814-1244584765-1000 -> {6C6078DB-C05F-4FA2-BF16-9F2791419848} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB662D20110710&p={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-10] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [2011-07-10] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll [2011-03-11] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-10] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2011-07-10] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-10] (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-3553090992-2084473814-1244584765-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-10] (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-07-01] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 23:38 - 2016-07-27 23:52 - 00019345 _____ C:\Users\Lavender\Desktop\FRST.txt
2016-07-27 23:38 - 2016-07-27 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-27 23:36 - 2016-07-27 23:38 - 00000000 ____D C:\FRST
2016-07-27 22:47 - 2016-07-27 23:06 - 00000000 ____D C:\AdwCleaner
2016-07-27 20:33 - 2016-07-27 20:32 - 02394112 _____ (Farbar) C:\Users\Lavender\Desktop\FRST64.exe
2016-07-27 20:33 - 2016-07-27 20:30 - 03712064 _____ C:\Users\Lavender\Desktop\AdwCleaner.exe
2016-07-26 11:11 - 2016-07-26 11:11 - 00008548 _____ C:\Users\Lavender\Desktop\Attach1.txt
2016-07-26 11:05 - 2016-07-26 11:05 - 00016453 _____ C:\Users\Lavender\Desktop\DDS1.txt
2016-07-26 11:01 - 2016-07-26 11:01 - 00016453 _____ C:\Users\Lavender\Desktop\dds.txt
2016-07-26 11:01 - 2016-07-26 11:01 - 00008548 _____ C:\Users\Lavender\Desktop\attach.txt
2016-07-26 10:58 - 2016-07-26 09:57 - 00688992 ____R (Swearware) C:\Users\Lavender\Desktop\dds.scr
2016-07-25 23:01 - 2016-03-18 00:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-25 23:01 - 2016-03-18 00:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-25 23:01 - 2016-03-18 00:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-25 23:01 - 2016-03-18 00:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-25 23:01 - 2016-03-18 00:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-25 23:01 - 2016-03-18 00:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-25 23:01 - 2016-03-17 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-25 23:01 - 2016-03-17 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-25 23:01 - 2016-03-17 23:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-25 23:01 - 2016-03-17 23:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-25 23:01 - 2016-03-17 23:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-25 23:01 - 2016-03-17 23:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-25 23:01 - 2016-03-17 23:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-25 23:01 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-25 23:01 - 2016-03-17 23:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-25 23:01 - 2016-03-17 23:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-25 23:01 - 2016-03-17 23:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-25 23:01 - 2016-03-17 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-25 23:01 - 2016-03-17 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-25 23:01 - 2016-03-17 23:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-25 23:01 - 2016-03-17 23:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-25 23:01 - 2016-03-17 23:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-25 23:01 - 2016-03-17 23:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-25 23:01 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-25 23:01 - 2016-03-17 23:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-25 23:01 - 2016-03-17 23:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-25 23:01 - 2016-03-17 23:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-25 23:01 - 2016-03-17 23:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-25 23:01 - 2016-03-17 23:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-25 23:01 - 2016-03-17 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-25 23:01 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-25 23:01 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-25 23:01 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-25 23:01 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-25 23:01 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-25 23:01 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-25 23:01 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-25 23:01 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-25 23:01 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-25 23:01 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-25 23:01 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-25 23:01 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-25 23:01 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 22:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-25 23:01 - 2016-03-17 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-25 23:01 - 2016-03-17 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-25 23:01 - 2016-03-17 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-25 23:01 - 2016-03-17 22:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-25 23:01 - 2016-03-17 22:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-25 23:01 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-25 23:01 - 2016-03-17 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-25 23:01 - 2016-03-17 22:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-25 23:01 - 2016-03-17 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-25 23:01 - 2016-03-17 22:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-25 23:01 - 2016-03-17 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-25 23:01 - 2016-03-17 22:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-25 23:01 - 2016-03-17 22:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-25 23:01 - 2016-03-17 22:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-25 23:01 - 2016-03-17 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-25 23:01 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-25 23:01 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-25 23:01 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-25 23:01 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-25 23:01 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-25 23:01 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-25 23:01 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-25 23:01 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-25 23:01 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-25 23:01 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-25 23:01 - 2016-02-05 19:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-07-25 23:01 - 2016-02-05 19:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-07-25 23:01 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-07-25 23:01 - 2016-02-02 19:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-25 23:01 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-07-25 23:01 - 2015-06-03 21:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-25 23:00 - 2016-03-31 20:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-25 23:00 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-25 23:00 - 2016-03-31 01:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-25 23:00 - 2016-03-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-25 23:00 - 2016-03-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-25 23:00 - 2016-03-31 01:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-25 23:00 - 2016-03-31 01:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-25 23:00 - 2016-03-31 01:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-25 23:00 - 2016-03-31 01:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-25 23:00 - 2016-03-31 01:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-25 23:00 - 2016-03-31 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-25 23:00 - 2016-03-31 01:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-25 23:00 - 2016-03-31 01:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-25 23:00 - 2016-03-31 01:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-25 23:00 - 2016-03-31 01:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-25 23:00 - 2016-03-31 01:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-25 23:00 - 2016-03-31 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-25 23:00 - 2016-03-31 01:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-25 23:00 - 2016-03-31 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-25 23:00 - 2016-03-31 01:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-25 23:00 - 2016-03-31 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-25 23:00 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-25 23:00 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-25 23:00 - 2016-03-31 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-25 23:00 - 2016-03-31 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-25 23:00 - 2016-03-31 00:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-25 23:00 - 2016-03-31 00:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-25 23:00 - 2016-03-31 00:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-25 23:00 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-25 23:00 - 2016-03-31 00:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-25 23:00 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-25 23:00 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-25 23:00 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-25 23:00 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-25 23:00 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-25 23:00 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-25 23:00 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-25 23:00 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-25 23:00 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-25 23:00 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-25 23:00 - 2016-03-31 00:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-25 23:00 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-25 23:00 - 2016-03-31 00:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-25 23:00 - 2016-03-31 00:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-25 23:00 - 2016-03-31 00:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-25 23:00 - 2016-03-31 00:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-25 23:00 - 2016-03-31 00:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-25 23:00 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-25 23:00 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-25 23:00 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-25 23:00 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-25 23:00 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-25 23:00 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-25 23:00 - 2016-03-31 00:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-25 23:00 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-25 23:00 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-25 23:00 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-25 23:00 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-25 23:00 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-25 23:00 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-25 23:00 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-25 23:00 - 2016-03-31 00:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-25 23:00 - 2016-03-31 00:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-25 23:00 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-25 23:00 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-25 23:00 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-25 23:00 - 2016-03-29 18:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-25 23:00 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-25 23:00 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-25 23:00 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-25 23:00 - 2016-03-11 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-25 23:00 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-01 14:02 - 2016-07-01 16:26 - 00262862 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 23:50 - 2012-06-02 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-27 23:42 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-27 23:42 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-27 23:19 - 2014-11-16 12:17 - 00000725 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {51C4DD66-121A-474C-B719-2C38E79E94AE}.job
2016-07-27 23:18 - 2014-11-16 12:17 - 00000911 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {51C4DD66-121A-474C-B719-2C38E79E94AE}.job
2016-07-27 23:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-27 22:30 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-27 22:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-07-26 19:38 - 2010-07-16 10:24 - 00000000 ____D C:\ProgramData\McAfee
2016-07-26 19:14 - 2015-08-01 13:55 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-26 09:47 - 2009-07-14 05:45 - 00356608 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-26 00:33 - 2013-07-26 22:02 - 00000000 ____D C:\Windows\system32\MRT
2016-07-26 00:28 - 2012-11-16 20:17 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-25 18:57 - 2012-06-02 16:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-25 18:55 - 2012-06-02 16:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-25 18:55 - 2012-01-25 19:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-25 18:53 - 2012-06-02 16:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-25 18:53 - 2010-07-16 10:34 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-20 07:03 - 2013-11-03 12:25 - 00000000 ____D C:\Users\Lavender\Documents\INSERTS
2016-07-02 00:39 - 2009-07-14 05:45 - 00021504 _____ C:\Windows\system32\umstartup.etl
2016-07-02 00:23 - 2012-06-02 15:37 - 00000000 ____D C:\Users\Lavender\AppData\Local\ElevatedDiagnostics
2016-07-01 15:00 - 2014-02-28 17:14 - 00766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-01 14:30 - 2015-07-05 18:50 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon

==================== Files in the root of some directories =======

2010-07-16 10:19 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Lavender\AppData\Local\Temp\libeay32.dll
C:\Users\Lavender\AppData\Local\Temp\msvcr120.dll
C:\Users\Lavender\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-27 11:57

==================== End of FRST.txt ============================

FRST64 Log (2nd) :-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Lavender (2016-07-27 23:52:59)
Running from C:\Users\Lavender\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-10 09:58:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3553090992-2084473814-1244584765-500 - Administrator - Disabled)
Guest (S-1-5-21-3553090992-2084473814-1244584765-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3553090992-2084473814-1244584765-1003 - Limited - Enabled)
Lavender (S-1-5-21-3553090992-2084473814-1244584765-1000 - Administrator - Enabled) => C:\Users\Lavender

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version: - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Basic Operation Guide EPSON SX430 Series (HKLM-x32\...\EPSON SX430 Series Bog) (Version: - )
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Crime Solitaire (HKLM-x32\...\Crime Solitaire) (Version: - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
EPSON XP-412 413 415 Series Printer Uninstall (HKLM\...\EPSON XP-412 413 415 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
G.H.O.S.T Chronicles - Phantom of the Renaissance Faire 1.00 (HKLM-x32\...\G.H.O.S.T Chronicles - Phantom of the Renaissance Faire 1.00) (Version: - )
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Network Guide EPSON SX430 Series (HKLM-x32\...\EPSON SX430 Series Netg) (Version: - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Solitaire Mystery Stolen Power 1.00 (HKLM-x32\...\Solitaire Mystery Stolen Power 1.00) (Version: - )
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
User's Guide EPSON SX430 Series (HKLM-x32\...\EPSON SX430 Series Useg) (Version: - )
Vacation Quest The Hawaiian Islands 1.00 (HKLM-x32\...\Vacation Quest The Hawaiian Islands 1.00) (Version: - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
World Adventure 1.00 (HKLM-x32\...\World Adventure 1.00) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E7785D6-B6E0-4773-9F08-2DEC25363D10} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {389B4331-5CEB-404D-8543-B27FAF3DA4A9} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {51C4DD66-121A-474C-B719-2C38E79E94AE} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {3F1495C3-D74A-4FD1-9D75-39CAB392FAA3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {45D80609-C6DE-4A42-A054-B443BB5C6806} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-25] (Adobe Systems Incorporated)
Task: {4BF9FD86-D190-4543-A7BE-A4A8E9551DCB} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {72B8C9AF-7E82-4E57-A77E-4CADDB6A780A} - System32\Tasks\EPSON XP-412 413 415 Series Update {51C4DD66-121A-474C-B719-2C38E79E94AE} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {51C4DD66-121A-474C-B719-2C38E79E94AE}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {51C4DD66-121A-474C-B719-2C38E79E94AE}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE:/EXE:{51C4DD66-121A-474C-B719-2C38E79E94AE} /F:Update SYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-09-03 02:56 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-16 10:41 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2016-02-22 17:59 - 2016-02-22 17:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ad1d5f0cd29a1edfa6483a6b07628457\IsdiInterop.ni.dll
2010-07-16 10:09 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0441DB7A [112]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
AlternateDataStreams: C:\ProgramData\Temp:28CDD861 [111]
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [140]
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [150]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [124]
AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [300]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [141]
AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [119]
AlternateDataStreams: C:\ProgramData\Temp:FA206A00 [117]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3553090992-2084473814-1244584765-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lavender\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99B02DE2-9639-4AA0-BF4E-E1915191924C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{917A0587-CF80-403B-A953-8B332FB3C63A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FCED37A8-C35C-4CEE-AEE5-F1BF170B080B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{991E91BC-1623-4EFD-B836-6E16AD8DE68A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{0F9F8EA9-4433-46AA-847F-8DC9D6745BE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CFE25907-9698-4B05-896A-9795A4C7C2E6}] => (Allow) svchost.exe
FirewallRules: [{F75814F3-8A34-44C3-A463-C3C5A417C2A2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B4E35544-4F70-4229-B4D0-9E014FD96D05}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{1ECDC222-A6D0-4D00-B548-E0D47E0B2436}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{3DAFCE7C-0DF3-42F2-8681-30808E52B0D0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3F7E24AB-2756-4D23-92A9-89F040235249}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{CE997184-29BE-4B66-BBAB-F1F3A2B99936}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{74CE2A3D-6CCD-449D-91F9-5E9419C1B41A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{3AA39BA8-CB3F-40A7-AEBC-154AEFD08E7C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{666CF33F-53DF-43AE-BB79-E7BBF4EB9A76}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7BAAE030-BDAF-43F5-9E73-7DC6433515CD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{FAED0C59-4B14-47E4-BF8B-7E091A774D2D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{438DB265-266E-4671-93E9-E611B057ADBA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{C243B028-B89A-44F1-8218-74D812ECCE4C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{17E27C3D-F649-4AB1-BD45-0380C7E93A67}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{B4C46F09-8878-42CF-9EE8-9C4A75DA4CC0}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{5B769844-D189-4E91-A57B-06EAB7E9D2F0}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E2C481B0-F6E4-4B10-BD2D-1A530D05BCD1}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

26-07-2016 00:24:00 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2016 11:51:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (2096) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (07/27/2016 11:51:01 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (2096) WebCacheLocal: Unable to read page 488 of database C:\Users\Lavender\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1022.

Error: (07/27/2016 11:50:35 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (2096) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (07/27/2016 11:50:35 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (2096) WebCacheLocal: Unable to read page 488 of database C:\Users\Lavender\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1022.

Error: (07/27/2016 11:50:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (2096) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (07/27/2016 11:50:01 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (2096) WebCacheLocal: Unable to read page 488 of database C:\Users\Lavender\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1022.

Error: (07/27/2016 11:49:35 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (2096) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (07/27/2016 11:49:35 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (2096) WebCacheLocal: Unable to read page 488 of database C:\Users\Lavender\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1022.

Error: (07/27/2016 11:49:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (2096) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (07/27/2016 11:49:00 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (2096) WebCacheLocal: Unable to read page 488 of database C:\Users\Lavender\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1022.


System errors:
=============
Error: (07/27/2016 11:34:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/27/2016 11:07:08 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (07/27/2016 1138 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2016 1137 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/27/2016 1137 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/27/2016 1137 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2016 1136 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2016 1135 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Updater Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2016 1135 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NTI IScheduleSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2016 1135 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MyEpson Portal Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 57%
Total physical RAM: 3001.97 MB
Available physical RAM: 1270.2 MB
Total Virtual: 6002.13 MB
Available Virtual: 4162.28 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:213.14 GB) NTFS
Drive e: (STORE N GO) (Removable) (Total:29.12 GB) (Free:18.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D5B171F2)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks again

headly
headly is offline  
Sponsored Links
Advertisement
 
Old 07-28-2016, 11:43 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Headly. You're very welcome. FRST makes 2 logs the first time it is run. No worries.

Does your mother-in-law plan on upgrading to Win10?

You can always choose 'Schedule it for later' and set a later time, then just keep doing it until we finish.

Is McAfee a must for this machine? Other antiviruses are just as good, and don't use as many resources as McAfee does.

If you upgrade to Win10 later, it will automatically have Windows Defender running as your antivirus. So you could uninstall McAfee then.

You could also uninstall McAfee now, and download and install Security Essentials as your antivirus:

https://support.microsoft.com/en-us/...tials-download

------------------------------------------------------

I'm not seeing anything malicious on your machine. Not all slowness issues are due to malware.

You may have to seek help in one of our other forums when we are done here.

------------------------------------------------------

As far as the 'Intel RST service is not running' message, try this first:

Service Not Running in Version 9.6 After Boot on Windows 7*

If you still have trouble, you could, if you feel comfortable doing so, try downloading and installing a new driver from here:

https://downloadcenter.intel.com/dow...AID-Driver?v=t

You can also download the Intel® Driver Update Utility to help you. The link is on the same page.

------------------------------------------------------

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\ProgramData\Temp:0441DB7A [112]
    AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
    AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
    AlternateDataStreams: C:\ProgramData\Temp:28CDD861 [111]
    AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [140]
    AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [150]
    AlternateDataStreams: C:\ProgramData\Temp:798A3728 [124]
    AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [300]
    AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
    AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
    AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [141]
    AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [119]
    AlternateDataStreams: C:\ProgramData\Temp:FA206A00 [117]
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-29-2016, 03:51 AM   #5
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

Thanks again. Yes, as soon as I posted my last reply I re-read your detail. I then realised that, as you say, two logs are created and also that I copied both into the reply instead of copying one and attaching the other. I left it as I didn't want to multiple post.

No, she didn't plan on upgrading to Win10. Also, when I chose 'Schedule it for later', the system stated that I could select a date in the future, but once selected it could not be changed. Therefore I left it and when it rebooted it didn't come back. I also have not seen it since, so far.

Could this be the route of the trouble?, that she may have inadvertently selected the upgrade option and it's now getting in a loop somewhere.

Intel RST service is not running :-

I uninstalled this, with the idea of re-installing at next boot-up. When un-installed the system required a reboot anyway, after which it automatically re-installed. It appears to now be working without the error icon in the tray.

System repair disk - done, however it was done on a differnent machine running Win7 64bit (for which I needed to do that anyway). Does the one disk serve all machines with that OS, or is it machine specific? If the later, I will do it on the laptop in question once it gets back to normal.

Fixlist - done; Fixlog.txt below. All these were done in the order explained.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Lavender (2016-07-29 11:11:39) Run:1
Running from C:\Users\Lavender\Desktop
Loaded Profiles: Lavender (Available Profiles: Lavender)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\Temp:0441DB7A [112]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [127]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
AlternateDataStreams: C:\ProgramData\Temp:28CDD861 [111]
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [140]
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [150]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [124]
AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [300]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [141]
AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [119]
AlternateDataStreams: C:\ProgramData\Temp:FA206A00 [117]
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\Temp => ":0441DB7A" ADS removed successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":1A60DE96" ADS removed successfully.
C:\ProgramData\Temp => ":28CDD861" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":93EB7685" ADS removed successfully.
C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
C:\ProgramData\Temp => ":E3C56885" ADS removed successfully.
C:\ProgramData\Temp => ":FA206A00" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 81670853 B
Java, Flash, Steam htmlcache => 85063 B
Windows/system/drivers => 1675279231 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36190114 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 66228 B
Lavender => 2945114686 B

RecycleBin => 0 B
EmptyTemp: => 4.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:19:18 ====



Much thanks

Headly
headly is offline  
Old 07-29-2016, 10:50 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Headly. You're very welcome. The system repair disc you made works on all Win7 machines.

And, I didn't mean we needed to use it here.

It's just to have in case you need it in the future.

Did you make a decision on the antivirus situation?

------------------------------------------------------

Also, today is the last day for upgrading to Win10.

It’s now or never: Free Windows 10 upgrade ends in just a few hours | Ars Technica

Is the machine still prompting to upgrade to Win10?

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-30-2016, 04:32 AM   #7
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

No worries with the Repair Disk, I wasn't expecting to be using it straight away unless you directed that. I just wasn't sure whether a disk had to be created per machine or whether one suited all OS's of the the same type. Thanks for the clarity.

McAfee Antivirus. It isn't my call, plus I think the in-laws buy a package so that their desktop is also covered by the same product. That also runs Win7, is quite old and not capable of running Win10. I tried to upgrade that a while ago, but the upgrade process came back stating the machine was not compatible with Win10. In short, and not to sound disrespectful to them, they are in their 70's, and manage modern technology well within their limits. They are good with what they know but I didn't want to confuse things for them by changing lots of things unless I have to. If, at the end of this process, the issue still remains, then I will tackle these points with them. As an aside, and I realise you may not be able to answer this in your capacity as an 'independent', what may be a better antivirus package? I fully understand that you may not be able to answer, but I thought I'd ask.

ComboFix run under the following conditions :-

McAfee Internet Security>
Virus and Spyware Protection
Real Time Scanning Off

Web and Email Protection
Firewall On

ComboFix.txt :-

ComboFix 16-07-25.01 - Lavender 30/07/2016 11:38:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3002.1117 [GMT 1:00]
Running from: c:\users\Lavender\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lavender\Documents\~WRD0005.tmp
c:\users\Lavender\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-06-28 to 2016-07-30 )))))))))))))))))))))))))))))))
.
.
2016-07-30 10:54 . 2016-07-30 10:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-27 22:36 . 2016-07-29 10:21 -------- d-----w- C:\FRST
2016-07-27 21:47 . 2016-07-27 22:06 -------- d-----w- C:\AdwCleaner
2016-07-25 22:00 . 2016-03-16 00:16 760320 ----a-w- c:\windows\system32\samsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-25 23:28 . 2012-11-16 19:17 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-07-25 17:55 . 2012-06-02 15:29 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-25 17:55 . 2012-01-25 18:21 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2016-05-24 1119472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 0229391469870279mcinstcleanup;McAfee Application Installer Cleanup (0229391469870279);c:\windows\TEMP\022939~1.EXE;c:\windows\TEMP\022939~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfeavfk01;McAfee Inc.;Device\mfeavfk01.sys;Device\mfeavfk01.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McBootDelayStartSvc;McAfee Boot Delay Start Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 ModuleCoreService;McAfee Module Core Service;c:\program files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe;c:\program files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [x]
S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PEFService;Intel Security PEF Service;c:\program files\Common Files\Intel Security\PEF\CORE\PEFService.exe;c:\program files\Common Files\Intel Security\PEF\CORE\PEFService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 17:56]
.
2016-07-30 c:\windows\Tasks\EPSON XP-412 413 415 Series Invitation {51C4DD66-121A-474C-B719-2C38E79E94AE}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2014-11-16 01:20]
.
2016-07-30 c:\windows\Tasks\EPSON XP-412 413 415 Series Update {51C4DD66-121A-474C-B719-2C38E79E94AE}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2014-11-16 01:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-30 12:00:55
ComboFix-quarantined-files.txt 2016-07-30 11:00
.
Pre-Run: 232,413,159,424 bytes free
Post-Run: 231,733,768,192 bytes free
.
- - End Of File - - E4A48233F3EBB2E9A86FF03454099E28


Thanks again Chemist

Headly
headly is offline  
Old 07-30-2016, 12:35 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Headly. You're very welcome. How is the machine behaving? Any improvement in behavior?

------------------------------------------------------

As far as a purchased AV, you can't go wrong with ESET's NOD32 or Smart Security:

Free Antivirus Download | ESET Free Trial | ESET

I use it, and love it.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-01-2016, 02:09 AM   #9
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

Thanks for your continued support, and thanks for the AV pointer; I shall pass that on to her.

mbamlog.txt :-

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31/07/2016
Scan Time: 13:14
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.31.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lavender

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304821
Time Elapsed: 26 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


ESET :-

I followed all you steps, with the only thing that I didn't get an option for the checkbox to check for a later version. The version I downloaded from your link and used was 2.0.22.2. It spent 2hrs 54mins doing a scan, after which it came back and reported that it had found nothing (0 threat). There was not an option to save a file (I guess because nothing was found), nothing cleaned or changed, just Finish.

Regretfully, I have to say the machine is exactly the same. It was on all day yesterday and I have noticed that the 'Intel RST Service is not running' has come back again. I did notce that after some 2-3 hours though that this corrected itself. It's as if the machine needs this much time just to get to a state where it is setup ready to go from initial bootup.

I tried actually downloading the esetonlinescanner_enu.exe from the machine, this was partly why it was on all day. I cannot even get the installed browser to operate, which is IE, but don't know which version. This seems completely screwed. The machine shows it's connected to wifi ok, but browsing is a non starter. I even trid downloading the stub file for Firefox on another machine and transferring this across and installing that, but that didn't seem to want to play ball either, although it did install. I subsequently removed it. The esetonlinescanner_enu.exe was run in the same way in the end, downloaded from another machine and transferred. I kept the usb stick in the rogue laptop whilst it was scanning just in case, but nothing found. So in all, not godd, still the same.

Maybe the whole OS install has become corrupted in some way, requiring a completely fresh install.

Thanks again

Headly
headly is offline  
Old 08-01-2016, 11:19 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Headly. You're very welcome.

Install Firefox and Chrome and see if you can browse using those:

https://www.mozilla.org/en-US/firefox/new/

https://www.google.com/chrome/

Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-01-2016, 04:33 PM   #11
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

Yes, I installed them both. Firefox first via downloading Firefox Setup Stub 47.0.1.exe on different machine and transferring via usb stick. Once that was on, I then used it to install Chrome via the rogue laptop direct (albeit very slowly). Both work, but are just as slow as the machine in general, i.e. enter a search string and approx 10 mins later a page of results come up. In the meantime the 'this page has become unresponsive' box comes up which can either be left and it eventually disappears when the machine finally brings back the results, or you can click wait and it will come back several times (approx 4-5 over the same 10 min'ish period) before displaying results.

One thing I didn't mention in the previous post. If, for example, I open Word, the machine will 'go off with the fairies' whilst you wait for Word to open. Whilst it's unresponsive, some or all the icons on the desktop (varies at different times ) will change to a blank (what looks like) page of paper icon, and then over the course of the unresponsiveness will slowly change back the icons to the proper icon. It's like it repainting the icons on the desktop (very slooooowly). Hope this makes sense.

Thanks again for your time.

Headly
headly is offline  
Old 08-02-2016, 03:22 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



See if this has any effect:

Please download Temp File Cleaner and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe then choose 'Run as administrator' and click 'Start'.
  • Your desktop will disappear, this is normal, it will return.
  • If prompted, click "Yes" to reboot.
  • Your machine may startup slow the first time after running TFC.exe
  • You may want to reboot again, even if TFC already rebooted your machine.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-03-2016, 09:35 AM   #13
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

I ran TCF, and have included the output below. I know you didn't ask for it but it's there if it helps any.

Well, I can say that certain things seem to have got more responsive. After a cold boot, the laptop still takes anywhere between 5-10 mins to become useful in terms of response. After this, opening apps such as Word, Excel, Publisher, etc, all seem to open and act with a fairly normal response. I have also tried Chrome, which seems to respond fairly normally, as does Firefox, however this seemed to have a couple of pages stuck, which a Firefox refresh has seemed to sort out. I also tried IE, however this is as bad as before.

As I write, the current tab has 'waiting for google.co.uk', which has been the case for the last 15mins, which I now going to close. Personally, if it was my lappy, the IE bit wouldn't be that much of an issue. If I could remove it I would, as I think Chrome or Firefox are better. In trying to close IE, the mouse would not hover over the browser window resulting in me being unable to click the 'x' to close the window (mouse disappeared under the IE window, as if it wasn't there). I had to stop it via Task Manager>Applications, selecting IE and ending task. Eventually IE closed, after a window appearing stating IE is not responding. If the information is worthwhile, when shutting down Windows had to wait a fair while (30 secs'ish for mup.exe to stop, whatever that is.

Also, if a process is running, i.e. Chrome browser, and you then startup Word, Word will start slower than normal, but quicker than it did when this issue first started.

So, in summary, an improvement, although it still takes anything up to 10mins for the machine to get in a state where it will start responding. It's as if the initial boot is taking a very protracted amount of time, which when it's finally finished, will then allow normal'ish use, however nothing is visibly obvious that is causing this, although things like the wireless connection take an age compared to normal, along with populating other icons on the clock side of the taskbar such as the 'My Epsom Portal', 'Epsom Event Manager' and 'MyWinLocker'.

Thanks Chemist, it is looking like an improvement.

Headly

TFC Log :-

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lavender
->Temp folder emptied: 1629971 bytes
->Temporary Internet Files folder emptied: 76436 bytes
->FireFox cache emptied: 21911258 bytes
->Google Chrome cache emptied: 18890770 bytes
->Flash cache emptied: 58142 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 297360 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 276 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 242096 bytes
Process complete!

Total Files Cleaned = 41.00 mb
headly is offline  
Old 08-03-2016, 11:35 AM   #14
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

There is a mistake in my previous post. The line that reads 'If the information is worthwhile, when shutting down Windows had to wait a fair while (30 secs'ish for mup.exe to stop, whatever that is.'

should read

'If the information is worthwhile, when shutting down Windows had to wait a fair while (30 secs'ish for mep.exe to stop, whatever that is.'

MEP.EXE not MUP.EXE

Thanks Headly
headly is offline  
Old 08-03-2016, 07:12 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Headly. You're very welcome.

mep.exe is from MyEpson Portal:

C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe

MyEpson Portal - Should I Remove It?

I don't think it is needed. Uninstall MyEpson Portal from Programs and Features. Reboot. Any improvement?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-04-2016, 08:53 AM   #16
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

I removed MyEpson Portal; in fact I removed everything Epsom related; thinking being that it is only for their printer/scanner unit, which the drivers can be re-installed without much issue.

The machine is definitely improved, although still not right. From cold boot things like Word, etc can opened up when requested pretty much normally. However simple things like just emptying the Recycle Bin just took about 3-4mins just to get the right click options up!!

I also uninstalled IE11, via the update list in the hope that it might free up IE, but no go; it's still frozen.

Is this looking more like a registry corruption issue?

Thanks, Headly
headly is offline  
Old 08-04-2016, 03:39 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Headly. Not sure what the problem is but some problems can just never be solved. If this were my machine, I would think about starting over with a factory restore.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-04-2016, 04:07 PM   #18
Registered Member
 
Join Date: Sep 2006
Posts: 58
OS: Vista



Hi Chemist,

Yeah, I think you are right, I will have to let her know the bad news tomorrow.

Thanks for all your efforts, having expert advice like yours in this forum is an excellent service. Long may it continue.

Headly
headly is offline  
Old 08-05-2016, 10:34 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Headly. You're welcome. Some factory restores come with both a destructive, and a non-destructive option(which should keep your files, programs, etc.).
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-20-2016, 06:38 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Toshiba laptop screen randomly broke...
I was using my Toshiba doing my coursework and everything was fine put it down and closed it while I went to do something, came back and the screen was gone... I took it to Staples where I got it from and they said Toshiba wont do anything cuz they will say it's my fault cuz it looks like it's been...
ajrimmer169 Laptop Support 38 03-03-2014 03:29 PM
Laptop is Extremely Slow; tried countless things
First of all let me inform you that my laptop is so slow that I am making this post on my smart phone. Yes, it's so frustratingly slow that I'm being forced to this tiny screen on my phone. I had to sign up for techsupportforum on this phone and everything so I am really, really irritated now by my...
redden Windows 7 , Windows Vista Support 4 12-31-2012 12:30 PM
Vista has become extremely slow recently
Hello, I have a Sony Viao laptop - dual processor with 4GB RAM with Vista 64 on it. I installed Webroot Anywhere on it a few days ago and it seemed to be running fine for some days, but 2-3 days ago all of a sudden it became extremely slow (right clicking on startup to launch windows...
Canadian007 Windows 7 , Windows Vista Support 7 12-10-2011 09:18 AM
Laptop is extremely slow
Hey guys, I have using my laptop for around a year and for some reason, it is now very very slow. The problem started a week ago when I was turning it on and it seemed a bit slower than normal but I ignored this and continued with my work. Throughout the week, problems appeared more frequently...
speedo1998 Windows 7 , Windows Vista Support 2 06-03-2011 07:10 PM
[SOLVED] Alienware M15x laptop suddenly extremely slow
Hi, Last summer, I bought myself an Alienware laptop, mainly for gaming, but also for 3D animation in my school works. It worked fine, until very recently: Since it has a 15-inch screen, I purchased an external 24-inch LCD display, connected by a VGA cable to my laptop. I started playing games...
Nazsha PC Gaming Support 4 03-31-2011 06:12 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 08:19 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts