
Slow computer [Closed]


  • This topic is locked
26 replies to this topic

#1 Guyl


Posted 10 July 2014 - 01:56 PM

I've been working with appleoddity in the Windows forum. He suggested I visit you guys for further help. I tried to copy and/or cut & paste the topic but I couldn't get a paste option in this thread. Could you check out my thread over there entitled (I think) "can't load software"? I did write down the thread number - 128384. It should contain all the details.
 
Let me know what else you need.
 
Thanks.
 
Edit by paws: here's a link to the topic referred to.
http://forums.whatth...c=128384&page=2



#2 OCD


Posted 10 July 2014 - 10:37 PM

Hi Guyl,

I read through your topic from the Windows Forum, let's see if we can run a few scans and find out what's going on here.

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 Guyl


Posted 11 July 2014 - 06:55 PM

Hello OCD,

 

Looking forward to working with you.  Attached are the files you're looking for - I hope. 




#4 OCD


Posted 11 July 2014 - 08:36 PM

Hi Guyl,

Please copy and paste logs directly into the reply window. When you attach the logs it requires me to download the file in order to view it. I appreciate your cooperation. :D

 

===========================================

 

Results of screen317's Security Check version 0.99.85
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Spybot - Search & Destroy
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
McAfee VirusScan mcods.exe
Malwarebytes Anti-Malware mbamscheduler.exe
McAfee Online Backup MOBKbackup.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

=============================================================

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-11 14:17:55
-----------------------------
14:17:55.897 OS Version: Windows 6.0.6002 Service Pack 2
14:17:55.898 Number of processors: 2 586 0xF02
14:17:55.904 ComputerName: MARY-PC UserName: Mary
14:18:04.635 Initialize success
14:18:04.967 VM: initialized successfully
14:18:05.120 VM: Intel CPU virtualization not supported
14:31:39.157 AVAST engine defs: 14071100
14:42:24.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:42:24.724 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA73A Size: 305245MB BusType: 3
14:42:24.961 Disk 0 MBR read successfully
14:42:24.968 Disk 0 MBR scan
14:42:25.356 Disk 0 Windows VISTA default MBR code
14:42:25.398 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10268 MB offset 63
14:42:25.503 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294974 MB offset 21029085
14:42:25.656 Disk 0 scanning sectors +625137345
14:42:26.602 Disk 0 scanning C:\Windows\system32\drivers
14:43:47.117 Service scanning
14:45:47.620 Modules scanning
14:46:28.769 Disk 0 trace - called modules:
14:46:28.873 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
14:46:28.881 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b325ac8]
14:46:28.893 3 CLASSPNP.SYS[8e1a58b3] -> nt!IofCallDriver -> [0x8b264918]
14:46:28.903 5 acpi.sys[886a16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8b1fb030]
14:46:32.692 AVAST engine scan C:\Windows
14:46:59.091 AVAST engine scan C:\Windows\system32
15:10:10.124 AVAST engine scan C:\Windows\system32\drivers
15:11:50.720 AVAST engine scan C:\Users\Mary
16:24:50.274 AVAST engine scan C:\ProgramData
16:36:56.734 Scan finished successfully
19:20:56.294 Disk 0 MBR has been saved successfully to "C:\Users\Mary\Desktop\MBR.dat"
19:20:56.440 The log file has been saved successfully to "C:\Users\Mary\Desktop\aswMBR.txt"


==================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
Ran by Mary (administrator) on MARY-PC on 11-07-2014 19:30:24
Running from C:\Users\Mary\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
(Avanquest Software) C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Avanquest Software) C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe
(Avanquest Software) C:\Program Files\Avanquest\Fix-It\MXTask.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avanquest Software North America) C:\Program Files\Avanquest\Fix-It\VcomCloudAgent.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Avanquest Software) C:\Program Files\Avanquest\Fix-It\MXTask2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(AVAST Software) C:\Users\Mary\Desktop\aswMBR.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Display] => C:\Program Files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [363752 2012-12-09] (BillP Studios)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [495744 2014-05-13] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\PROGRAM FILES\Adobe\Reader 8.0\Reader\READER_SL.EXE
HKLM\...\Run: [Nuance PDF Reader-reminder] => C:\PROGRAM FILES\Nuance\PDF READER\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [WD Quick View] => C:\PROGRAM FILES\WESTERN DIGITAL\WD QUICK VIEW\WDDMSTATUS.EXE [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2007-07-03] (soft thinks)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-432871327-865552287-571097529-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-432871327-865552287-571097529-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-432871327-865552287-571097529-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
AppInit_DLLs: İ蘟眬偰眭 => İ蘟眬偰眭 File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> (No File)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=DTP&M=GT5620
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D08C28B5-6FC0-4E86-9D69-24A5A633057A} URL = http://search.yahoo....p={SearchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: www.msn.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US0&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
FF user.js: detected! => C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default\searchplugins\RecipeHub_2j.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-20]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-09-17]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-05-22]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-05-22]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-18]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-18]

========================== Services (Whitelisted) =================

R2 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [249192 2013-12-13] (Avanquest Software)
S4 0066951389319491mcinstcleanup; C:\Windows\TEMP\006695~1.EXE [851136 2014-05-22] (McAfee, Inc.)
R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [607576 2008-04-14] (Lavasoft)
R2 APC Data Service; C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 AQFileRestoreSrv; C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-12-13] (Avanquest Software)
R2 Fix-It Task Manager; C:\Program Files\Avanquest\Fix-It\MXTask.exe [534472 2013-12-13] (Avanquest Software)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [527168 2014-05-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-05-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-05-02] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 VCOMCloudAgent; C:\Program Files\Avanquest\Fix-It\VcomCloudAgent.exe [133504 2013-12-13] (Avanquest Software North America)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-14] (Western Digital)
U0 0173631208222615mcinstcleanup; C:\Users\Mary\AppData\Local\Temp\017363~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [18488 2013-12-13] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-05-02] (McAfee, Inc.)
S0 drvmcdb; C:\Windows\System32\DRIVERS\drvmcdb.sys [76000 2001-10-11] (VERITAS Software, Inc.) [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [67800 2014-05-26] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-05-02] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-05-02] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2013-10-24] (UVNC BVBA)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
U3 aswMBR; \??\C:\Users\Mary\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Mary\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-11 19:30 - 2014-07-11 19:32 - 00021100 _____ () C:\Users\Mary\Desktop\FRST.txt
2014-07-11 19:29 - 2014-07-11 19:31 - 00000000 ____D () C:\FRST
2014-07-11 19:28 - 2014-07-11 19:28 - 01075200 _____ (Farbar) C:\Users\Mary\Desktop\FRST.exe
2014-07-11 19:20 - 2014-07-11 19:20 - 00002047 _____ () C:\Users\Mary\Desktop\aswMBR.txt
2014-07-11 19:20 - 2014-07-11 19:20 - 00000512 _____ () C:\Users\Mary\Desktop\MBR.dat
2014-07-11 14:16 - 2014-07-11 14:17 - 05185536 _____ (AVAST Software) C:\Users\Mary\Desktop\aswMBR.exe
2014-07-11 14:14 - 2014-07-11 14:14 - 00001268 _____ () C:\Users\Mary\Desktop\checkup.txt
2014-07-11 13:59 - 2014-07-11 13:59 - 00854390 _____ () C:\Users\Mary\Desktop\SecurityCheck(1).exe
2014-07-09 22:49 - 2014-07-09 22:50 - 00000000 ____D () C:\Program Files\Defraggler
2014-07-09 22:45 - 2014-07-09 22:45 - 04362512 _____ (Piriform Ltd) C:\Users\Mary\Desktop\dfsetup218.exe
2014-07-09 08:20 - 2014-05-26 14:13 - 00067800 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2014-07-09 08:19 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-07-09 03:10 - 2014-07-09 03:10 - 00142720 _____ () C:\Windows\Minidump\Mini070914-01.dmp
2014-07-08 22:39 - 2014-07-08 22:39 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01353 - Shortcut.lnk
2014-07-08 22:39 - 2014-07-08 22:39 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01352 - Shortcut.lnk
2014-07-08 22:39 - 2014-07-08 22:39 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01351 - Shortcut.lnk
2014-07-08 22:38 - 2014-07-08 22:38 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01323 - Shortcut.lnk
2014-07-08 22:20 - 2014-07-08 22:20 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01272 - Shortcut.lnk
2014-07-08 22:20 - 2014-07-08 22:20 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01271 - Shortcut.lnk
2014-07-08 22:20 - 2014-07-08 22:20 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01269 - Shortcut.lnk
2014-07-08 16:44 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 16:43 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 16:43 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 16:42 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 16:42 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 16:42 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 16:42 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 16:42 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 16:42 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 16:42 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 16:42 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 16:42 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 16:42 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 16:42 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 16:42 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 16:42 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 16:42 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 16:42 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 16:42 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 16:42 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 16:42 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 16:42 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 16:42 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 16:42 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 10:15 - 2014-07-08 10:15 - 00142720 _____ () C:\Windows\Minidump\Mini070814-01.dmp
2014-07-07 21:44 - 2014-07-11 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 21:43 - 2014-07-07 21:43 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 21:43 - 2014-07-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 21:42 - 2014-07-07 21:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 21:42 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 21:42 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 17:11 - 2014-07-07 17:11 - 00000000 _RSHD () C:\_Backup.RC
2014-07-07 15:02 - 2014-07-07 20:15 - 00000273 _____ () C:\Users\Mary\AppData\Roaming\Safer-Networking.log
2014-07-07 14:59 - 2014-07-07 15:10 - 00000000 ____D () C:\Users\Mary\AppData\Local\LogMeIn Rescue Applet
2014-07-07 14:58 - 2014-07-07 15:09 - 00017830 _____ () C:\Users\Mary\Desktop\Support-LogMeInRescue.exe
2014-07-07 14:49 - 2014-07-07 14:49 - 00001800 _____ () C:\Users\Mary\Desktop\Fix-It Utilities Professional.lnk
2014-07-07 14:42 - 2014-07-07 14:42 - 00001505 _____ () C:\Users\Public\Desktop\Setup Fix-It 15.0.32.28.lnk
2014-07-07 14:40 - 2013-12-13 11:31 - 00018488 ____N () C:\Windows\system32\Drivers\AQFileRestore.sys
2014-07-07 14:40 - 2012-02-09 12:58 - 00035000 _____ () C:\Windows\system32\mxntdfg.exe
2014-07-07 14:39 - 2014-07-07 14:39 - 00001800 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix-It Utilities Professional.lnk
2014-07-07 14:39 - 2014-07-07 14:39 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2014-07-07 14:39 - 2013-10-24 14:03 - 00024680 _____ (UVNC BVBA) C:\Windows\system32\mv2.dll
2014-07-07 14:39 - 2013-10-24 14:03 - 00012904 _____ (UVNC BVBA) C:\Windows\system32\Drivers\mv2.sys
2014-07-07 14:22 - 2014-07-07 14:26 - 73332576 _____ (Avanquest) C:\Users\Mary\Desktop\Fix-It_Professional_ENU_15.0.32.28.exe
2014-07-07 14:01 - 2014-07-07 14:01 - 00194936 _____ (VCOM, a division of Avanquest) C:\Users\Mary\Desktop\VcomCleanUp.exe
2014-07-05 16:36 - 2014-07-05 16:36 - 00142720 _____ () C:\Windows\Minidump\Mini070514-01.dmp
2014-07-04 12:21 - 2014-07-04 12:21 - 00000347 _____ () C:\Users\Mary\Desktop\SecurityCheck.exe
2014-07-04 10:07 - 2014-07-04 10:07 - 00000000 ____D () C:\Users\Mary\AppData\Local\Skype
2014-07-04 10:06 - 2014-07-04 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-04 10:06 - 2014-07-04 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-02 02:11 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-02 02:11 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-02 02:10 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-02 02:10 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-02 01:20 - 2014-07-02 01:20 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-02 00:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-02 00:42 - 2014-07-02 00:43 - 01346519 _____ () C:\Users\Mary\Desktop\adwcleaner_3.214.exe
2014-07-01 23:07 - 2014-07-02 01:00 - 00000000 ____D () C:\AdwCleaner
2014-07-01 18:53 - 2014-07-01 18:53 - 00000000 ____D () C:\Program Files\ESET
2014-07-01 18:49 - 2014-07-04 12:37 - 00000000 ____D () C:\Users\Mary\Desktop\New Folder

==================== One Month Modified Files and Folders =======

2014-07-11 19:32 - 2014-07-11 19:30 - 00021100 _____ () C:\Users\Mary\Desktop\FRST.txt
2014-07-11 19:31 - 2014-07-11 19:29 - 00000000 ____D () C:\FRST
2014-07-11 19:29 - 2012-07-21 15:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 19:28 - 2014-07-11 19:28 - 01075200 _____ (Farbar) C:\Users\Mary\Desktop\FRST.exe
2014-07-11 19:20 - 2014-07-11 19:20 - 00002047 _____ () C:\Users\Mary\Desktop\aswMBR.txt
2014-07-11 19:20 - 2014-07-11 19:20 - 00000512 _____ () C:\Users\Mary\Desktop\MBR.dat
2014-07-11 18:30 - 2007-08-31 03:48 - 01225025 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 18:17 - 2014-07-07 21:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 17:40 - 2006-11-02 08:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 17:40 - 2006-11-02 08:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 14:17 - 2014-07-11 14:16 - 05185536 _____ (AVAST Software) C:\Users\Mary\Desktop\aswMBR.exe
2014-07-11 14:14 - 2014-07-11 14:14 - 00001268 _____ () C:\Users\Mary\Desktop\checkup.txt
2014-07-11 13:59 - 2014-07-11 13:59 - 00854390 _____ () C:\Users\Mary\Desktop\SecurityCheck(1).exe
2014-07-11 03:55 - 2008-08-14 11:57 - 00000000 ____D () C:\_Backup
2014-07-10 12:48 - 2012-12-22 22:04 - 00000000 __RSD () C:\Users\Mary\Documents\McAfee Vaults
2014-07-10 12:43 - 2012-12-23 16:01 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-10 11:38 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 09:31 - 2006-11-02 09:01 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-09 22:51 - 2007-10-15 23:52 - 00000000 ____D () C:\Users\Mary\Desktop\Anti Virus
2014-07-09 22:50 - 2014-07-09 22:49 - 00000000 ____D () C:\Program Files\Defraggler
2014-07-09 22:45 - 2014-07-09 22:45 - 04362512 _____ (Piriform Ltd) C:\Users\Mary\Desktop\dfsetup218.exe
2014-07-09 21:59 - 2007-10-16 00:10 - 04976640 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-07-09 21:59 - 2007-10-16 00:10 - 02693120 ____R () C:\Users\Public\Documents\ESBK.mb
2014-07-09 03:52 - 2006-11-02 08:47 - 00378896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:36 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:31 - 2013-08-16 03:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:25 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 03:10 - 2014-07-09 03:10 - 00142720 _____ () C:\Windows\Minidump\Mini070914-01.dmp
2014-07-09 03:10 - 2010-10-19 23:14 - 220027381 _____ () C:\Windows\MEMORY.DMP
2014-07-09 03:10 - 2010-10-19 23:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-08 22:39 - 2014-07-08 22:39 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01353 - Shortcut.lnk
2014-07-08 22:39 - 2014-07-08 22:39 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01352 - Shortcut.lnk
2014-07-08 22:39 - 2014-07-08 22:39 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01351 - Shortcut.lnk
2014-07-08 22:38 - 2014-07-08 22:38 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01323 - Shortcut.lnk
2014-07-08 22:20 - 2014-07-08 22:20 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01272 - Shortcut.lnk
2014-07-08 22:20 - 2014-07-08 22:20 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01271 - Shortcut.lnk
2014-07-08 22:20 - 2014-07-08 22:20 - 00000485 _____ () C:\Users\Mary\Desktop\DSC01269 - Shortcut.lnk
2014-07-08 22:17 - 2007-10-14 20:27 - 00048640 _____ () C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-08 20:29 - 2012-07-21 15:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 20:29 - 2011-06-11 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 11:20 - 2009-09-26 15:35 - 00000398 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-07-08 10:15 - 2014-07-08 10:15 - 00142720 _____ () C:\Windows\Minidump\Mini070814-01.dmp
2014-07-08 10:15 - 2007-10-14 17:10 - 00434428 _____ () C:\Windows\PFRO.log
2014-07-07 21:43 - 2014-07-07 21:43 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 21:43 - 2014-07-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 21:43 - 2014-07-07 21:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 21:43 - 2010-03-21 17:30 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Malwarebytes
2014-07-07 21:42 - 2013-12-28 11:22 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-07 21:42 - 2010-03-21 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 20:15 - 2014-07-07 15:02 - 00000273 _____ () C:\Users\Mary\AppData\Roaming\Safer-Networking.log
2014-07-07 17:11 - 2014-07-07 17:11 - 00000000 _RSHD () C:\_Backup.RC
2014-07-07 15:10 - 2014-07-07 14:59 - 00000000 ____D () C:\Users\Mary\AppData\Local\LogMeIn Rescue Applet
2014-07-07 15:10 - 2012-12-24 17:50 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\WinPatrol
2014-07-07 15:09 - 2014-07-07 14:58 - 00017830 _____ () C:\Users\Mary\Desktop\Support-LogMeInRescue.exe
2014-07-07 14:49 - 2014-07-07 14:49 - 00001800 _____ () C:\Users\Mary\Desktop\Fix-It Utilities Professional.lnk
2014-07-07 14:42 - 2014-07-07 14:42 - 00001505 _____ () C:\Users\Public\Desktop\Setup Fix-It 15.0.32.28.lnk
2014-07-07 14:42 - 2007-10-14 20:24 - 00000000 ____D () C:\Users\Mary
2014-07-07 14:39 - 2014-07-07 14:39 - 00001800 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix-It Utilities Professional.lnk
2014-07-07 14:39 - 2014-07-07 14:39 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2014-07-07 14:39 - 2008-08-14 11:39 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Avanquest
2014-07-07 14:38 - 2008-08-14 11:39 - 00000000 ____D () C:\ProgramData\Avanquest
2014-07-07 14:38 - 2008-08-14 11:37 - 00000000 ____D () C:\Program Files\Avanquest
2014-07-07 14:38 - 2007-08-31 03:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-07 14:32 - 2007-10-15 13:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-07 14:26 - 2014-07-07 14:22 - 73332576 _____ (Avanquest) C:\Users\Mary\Desktop\Fix-It_Professional_ENU_15.0.32.28.exe
2014-07-07 14:01 - 2014-07-07 14:01 - 00194936 _____ (VCOM, a division of Avanquest) C:\Users\Mary\Desktop\VcomCleanUp.exe
2014-07-05 16:36 - 2014-07-05 16:36 - 00142720 _____ () C:\Windows\Minidump\Mini070514-01.dmp
2014-07-04 12:37 - 2014-07-01 18:49 - 00000000 ____D () C:\Users\Mary\Desktop\New Folder
2014-07-04 12:31 - 2011-06-21 18:19 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Skype
2014-07-04 12:21 - 2014-07-04 12:21 - 00000347 _____ () C:\Users\Mary\Desktop\SecurityCheck.exe
2014-07-04 10:07 - 2014-07-04 10:07 - 00000000 ____D () C:\Users\Mary\AppData\Local\Skype
2014-07-04 10:06 - 2014-07-04 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-04 10:06 - 2014-07-04 10:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-04 10:06 - 2011-06-21 18:17 - 00000000 ___RD () C:\Program Files\Skype
2014-07-04 10:06 - 2011-06-21 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-07-04 10:03 - 2012-09-17 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-03 00:10 - 2012-12-23 13:41 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-03 00:06 - 2013-12-17 22:41 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-02 14:02 - 2014-05-22 22:13 - 00001751 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-07-02 14:02 - 2013-12-18 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-02 03:54 - 2007-08-31 03:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-02 03:27 - 2010-06-05 06:59 - 00000000 ____D () C:\Users\Guest
2014-07-02 03:27 - 2006-11-02 06:22 - 54263808 _____ () C:\Windows\system32\config\software_previous
2014-07-02 03:27 - 2006-11-02 06:22 - 121634816 _____ () C:\Windows\system32\config\system_previous
2014-07-02 03:26 - 2007-08-31 04:38 - 00000000 ____D () C:\Windows\SMINST
2014-07-02 03:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-07-02 03:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-02 03:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-07-02 03:20 - 2006-11-02 06:22 - 47710208 _____ () C:\Windows\system32\config\components_previous
2014-07-02 03:20 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-07-02 01:42 - 2012-05-17 22:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-02 01:20 - 2014-07-02 01:20 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-02 01:19 - 2008-03-18 21:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-02 01:18 - 2007-08-31 03:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-02 01:17 - 2009-07-01 11:30 - 00000000 ____D () C:\Program Files\Adobe
2014-07-02 01:00 - 2014-07-01 23:07 - 00000000 ____D () C:\AdwCleaner
2014-07-02 00:43 - 2014-07-02 00:42 - 01346519 _____ () C:\Users\Mary\Desktop\adwcleaner_3.214.exe
2014-07-02 00:38 - 2012-12-23 16:02 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-07-02 00:23 - 2014-05-22 21:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-01 23:36 - 2012-09-07 17:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 23:18 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-07-01 23:18 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-07-01 18:53 - 2014-07-01 18:53 - 00000000 ____D () C:\Program Files\ESET

Files to move or delete:
====================
C:\Users\Mary\GoToAssist_phone__268_en.exe


Some content of TEMP:
====================
C:\Users\Mary\AppData\Local\Temp\1upowbti.dll
C:\Users\Mary\AppData\Local\Temp\5ISBEW64.exe
C:\Users\Mary\AppData\Local\Temp\6ISBEW64.exe
C:\Users\Mary\AppData\Local\Temp\autorun.dll
C:\Users\Mary\AppData\Local\Temp\ISBEW64.exe
C:\Users\Mary\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Mary\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mary\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Mary\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mary\AppData\Local\Temp\msvcp110.dll
C:\Users\Mary\AppData\Local\Temp\msvcr110.dll
C:\Users\Mary\AppData\Local\Temp\msvcr90.dll
C:\Users\Mary\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Mary\AppData\Local\Temp\Quarantine.exe
C:\Users\Mary\AppData\Local\Temp\sqlite3.dll
C:\Users\Mary\AppData\Local\Temp\_is92EE.exe
C:\Users\Mary\AppData\Local\Temp\_isA7D5.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-11 15:03

==================== End Of Log ============================

====================================================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-07-2014
Ran by Mary at 2014-07-11 19:33:53
Running from C:\Users\Mary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
5400 (Version: 82.0.252.000 - Hewlett-Packard) Hidden
5400_Help (Version: 82.0.252.000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.44 - NOS Microsystems Ltd.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
APC PowerChute Personal Edition 3.0 (HKLM\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
CR2 (Version: 3.01.0001.0003 - Eastman Kodak Company) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.03.01 - AlcorMicro)
Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden
ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FATE (HKLM\...\WT023314) (Version: WT023314 - WildTangent)
Fix-It (HKLM\...\{12FA6720-D4CF-4FFE-968D-133653AC1B1B}) (Version: 15.0.32.28 - Avanquest)
Gateway Connect (HKLM\...\{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}) (Version: 1.1.0 - Acceller)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.031 - Gateway)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Hoffman Professional (HKLM\...\Hoffman Professional for Sierra Charts_is1) (Version: - becomeabettertrader.com)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet Printer Driver Software 8.0.C (HKLM\...\{FB79A6DF-44D2-40a6-9FFC-34BDEEBD980B}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.006 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
InfinityAT (HKLM\...\BB29F88B-A742-4E2C-B0F3-FFEC11E1BA06) (Version: 5.5.4 - TransAct Futures LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 10 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
McAfee Online Backup (Version: - McAfee, Inc.) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM\...\MSC) (Version: 13.6.1012 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Money Essentials (HKLM\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Money Shared Libraries (Version: 16.0.0.705 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Nuance PDF Reader (HKLM\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Penguins! (HKLM\...\WT023902) (Version: WT023902 - WildTangent)
PIXELA ImageMixer (HKLM\...\{13413C6C-C640-40B8-917E-CA3062826B18}) (Version: - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - )
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
Scrabble Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111433970}) (Version: - Oberon Media)
Secure Viewer 2.6.0.0 (HKLM\...\Secure Viewer_is1) (Version: - omNovia Technologies, Inc.)
SF_CDC_ProductContext (Version: 82.0.252.000 - Hewlett-Packard) Hidden
SF_CDC_Software (Version: 82.0.252.000 - Hewlett-Packard) Hidden
SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SFR2 (Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.0.00.10020 - Sony Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Stomp Backup MyPC 4.71 (HKLM\...\BEWIN32.EXE) (Version: - )
thinkorswim (HKLM\...\thinkorswim) (Version: - thinkorswim, Inc)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Trade Navigator (HKLM\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version: - )
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrojanHunter 5.0 (HKLM\...\TrojanHunter_is1) (Version: 5.0 - Mischel Internet Security)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VetPacsLite 2006 (HKLM\...\{6BDE68AC-E1A3-4591-8E37-C95BF278EDF5}) (Version: 3.5.34.1 - Sound Technologies, Inc.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WD SmartWare (HKLM\...\{E48995AF-B140-44F5-9A20-A3E4E627F2C2}) (Version: 1.6.2.6 - Western Digital)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 26.0.2013.0 - BillP Studios)
WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Restore Points =========================

09-07-2014 07:20:08 Windows Update

==================== Hosts content: ==========================

2006-11-02 06:23 - 2011-09-04 21:18 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {062BDD2F-6948-49AA-BD8A-56599F77BFD2} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {46CF12EB-49BC-455E-9831-57E7C2A6946E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Mary => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {65E148CC-5A6B-48B9-8A90-2DFB1D3FCE96} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {7D386E8B-B8FB-4632-A600-F6B5061A95C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {91D114F6-B9E1-45F2-9547-A2116D094A58} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {992B5927-EB60-4214-BE02-9D1A1E0D818B} - System32\Tasks\{018B385F-492C-4880-91EE-FEC31B415BB9} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {A3D9D72E-1049-4D20-8B92-7452C131F528} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E42FECD3-8A2A-4098-A0E0-675DB7332C9D} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F295B58E-6DC2-4B6A-B63A-89090F8ED166} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => ÚÒÐü•BÕ@“Rï]õIöF\<
sÝ€À €!Þg!C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16Mary0Ü
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-07-07 14:39 - 2013-08-27 16:06 - 00450048 ____N () C:\Program Files\Avanquest\Fix-It\sqlite3.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00098304 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\axutil.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00303616 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\axis2_engine.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00114688 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\axiom.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00016384 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\axis2_parser.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00033792 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\guththila.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00080384 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\neethi.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00046592 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\axis2_http_sender.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00012288 ____N () C:\Program Files\Avanquest\Fix-It\axis2\lib\axis2_http_receiver.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00021504 ____N () C:\Program Files\Avanquest\Fix-It\axis2\modules\addressing\axis2_mod_addr.dll
2014-07-07 14:39 - 2012-10-30 17:18 - 00007680 ____N () C:\Program Files\Avanquest\Fix-It\axis2\modules\logging\axis2_mod_log.dll
2012-12-23 16:00 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2012-12-23 16:00 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-12-23 16:00 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-12-23 16:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2012-12-23 16:00 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-07-07 14:39 - 2013-12-13 11:28 - 00014336 ____N () C:\Program Files\Avanquest\Fix-It\RDClient.dll
2014-07-07 14:39 - 2013-12-13 11:28 - 00037888 ____N () C:\Program Files\Avanquest\Fix-It\CommonUtils.dll
2014-07-07 14:39 - 2013-12-13 11:28 - 00825856 ____N () C:\Program Files\Avanquest\Fix-It\SslUtils.dll
2014-07-07 14:38 - 2010-04-16 14:52 - 00038400 ____N () C:\Program Files\Avanquest\Fix-It\DiskDefragCpp.dll
2014-07-07 14:38 - 2010-04-16 14:52 - 00344576 ____N () C:\Program Files\Avanquest\Fix-It\madExcept_.bpl
2014-07-07 14:38 - 2010-04-16 14:52 - 00178688 ____N () C:\Program Files\Avanquest\Fix-It\madBasic_.bpl
2014-07-07 14:38 - 2010-04-16 14:52 - 00045056 ____N () C:\Program Files\Avanquest\Fix-It\madDisAsm_.bpl
2010-04-13 21:11 - 2010-04-13 21:11 - 00077624 _____ () C:\Program Files\McAfee Online Backup\librs2.dll
2012-12-23 16:00 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2008-03-24 17:53 - 2007-09-03 15:50 - 00619520 _____ () C:\Program Files\TrojanHunter 5.0\ContextMenu.dll
2012-12-24 17:49 - 2012-12-09 21:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2011-02-23 18:24 - 2012-02-21 12:31 - 00406016 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 18:23 - 2012-02-21 12:31 - 00264192 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 18:21 - 2012-02-21 12:31 - 00356352 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 18:19 - 2012-02-21 12:31 - 00237568 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 18:38 - 2012-02-21 12:31 - 00234496 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 18:15 - 2012-02-21 12:31 - 00090112 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2008-10-30 14:43 - 2009-09-26 16:41 - 00077312 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2008-10-30 14:17 - 2012-02-21 12:31 - 00062464 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2012-02-21 12:31 - 01564672 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 18:37 - 2012-02-21 12:31 - 00761856 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 18:17 - 2012-02-21 12:31 - 00152576 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 19:00 - 2012-02-21 12:31 - 00684032 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 18:24 - 2012-02-21 12:31 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 18:15 - 2012-02-21 12:31 - 00129536 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 19:55 - 2012-02-21 12:31 - 11503616 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 22:19 - 2012-02-21 12:31 - 00782336 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 22:19 - 2012-02-21 12:31 - 00868352 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 22:20 - 2012-02-21 12:31 - 00462848 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 22:19 - 2012-02-21 12:31 - 00155648 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 22:21 - 2012-02-21 12:31 - 00528384 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 22:20 - 2012-02-21 12:31 - 02236416 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 22:21 - 2012-02-21 12:31 - 00847872 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 22:21 - 2012-02-21 12:31 - 01396736 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2011-02-23 19:04 - 2012-02-21 12:31 - 00171520 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 18:38 - 2012-02-21 12:31 - 00052224 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 18:36 - 2012-02-21 12:31 - 00143360 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 18:15 - 2012-02-21 12:31 - 00084480 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 16:25 - 2012-02-21 12:31 - 00010240 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 20:02 - 2012-02-21 12:31 - 00339968 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 19:01 - 2012-02-21 12:31 - 00098304 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 19:05 - 2012-02-21 12:31 - 00315392 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 18:55 - 2012-02-21 12:31 - 00688128 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 20:00 - 2012-02-21 12:31 - 00471040 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 18:16 - 2012-02-21 12:31 - 00044544 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2014-05-22 21:33 - 2014-07-02 00:21 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-18 00:06 - 2014-05-14 14:13 - 00169240 _____ () c:\Program Files\McAfee\MSK\mskoeplg.dll
2014-07-08 20:29 - 2014-07-08 20:29 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D56DDC33
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Mary\Desktop\oliviaandleo122211.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
MSCONFIG\startupreg: BigFix => "c:\program files\Bigfix\bigfix.exe" /atstartup
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: HP Software Update => "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: ISTray => "C:\Program Files\Spyware Doctor\pctsGui.exe" /hideGUI
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: RegistryMechanic => "C:\Program Files\Registry Mechanic\RMTray.exe" /H
MSCONFIG\startupreg: RtHDVCpl => "C:\Windows\RtHDVCpl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Skytel => "C:\Windows\Skytel.exe"
MSCONFIG\startupreg: Spare Backup => "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
MSCONFIG\startupreg: SpybotSD TeaTimer => "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
MSCONFIG\startupreg: SpySweeper => C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
MSCONFIG\startupreg: SSDMonitor => "C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: THGuard => "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
MSCONFIG\startupreg: WMPNSCFG => "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2014 04:58:48 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/10/2014 04:50:52 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/10/2014 02:42:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Fix-It.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at AQ.Controls.CustomWindow..ctor()
at MainUI.MainWindow..ctor()
at MainUI.ApplicationEx.OnAppStartup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at XamlGeneratedNamespace.GeneratedApplicationEx.Main()

Error: (07/10/2014 11:43:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0020407d-610e-4e19-9d9d-29d1777b5408}

Error: (07/10/2014 09:10:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bc532c7-1ab8-45c6-ad2e-4073a09b0f67}

Error: (07/10/2014 09:07:31 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/10/2014 09:07:24 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (07/09/2014 10:58:17 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/09/2014 04:44:50 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/09/2014 03:59:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d5b28382-2a1e-49c1-9cd6-826afc9b6e0b}


System errors:
=============
Error: (07/11/2014 03:19:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (07/10/2014 00:47:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/10/2014 00:36:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler

Error: (07/10/2014 00:36:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (07/10/2014 11:41:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: drvmcdb

Error: (07/10/2014 11:41:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/10/2014 11:35:36 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Driver drvmcdb.sys has been blocked from loading.

Error: (07/10/2014 09:31:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Fix-It Utilities Process Monitor1

Error: (07/10/2014 09:15:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/10/2014 09:07:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: drvmcdb


Microsoft Office Sessions:
=========================
Error: (08/17/2010 09:48:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 921 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-07-11 19:33:12.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:10.761
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:09.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:07.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:06.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:04.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:03.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:33:01.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:31:47.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 19:31:45.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 82%
Total physical RAM: 2038.83 MB
Available physical RAM: 356.26 MB
Total Pagefile: 4316.74 MB
Available Pagefile: 1247.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.06 GB) (Free:142.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.03 GB) (Free:3.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: EDECDE05)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#5 Guyl


Posted 11 July 2014 - 08:54 PM

Ok, no problem.  I'm confused though, it looks like you've already done that.  Do you mean going forward?  If you've already done that I don't see any comments on them.  Did I miss 'em?



#6 OCD

Posted 11 July 2014 - 09:04 PM

Hi Guyl,

Ok, no problem.  I'm confused though, it looks like you've already done that.  Do you mean going forward?

Yes, going forward. :thumbup:

The good news is at this point there doesn't appear to be any malware on your computer. But, we'll dig a bit deeper.
 
You stated the program you were having issues getting to run was Fix-it Utilities. Have you tried to uninstall it, reboot, then re-install it? Maybe some files got corrupted during the install. Don't do it at this moment, just let me know what you have done with regards to that program.
  • Can you recall when you first started having these issues?
  • Are you having problems with any other programs?

Let's run these next steps and we'll go from there.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Java 7 Update 10

=========================

Update Java

  • Get the current version of Java (Version 7 Update 60) by going to http://java.com/en/d...d/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the desktop as fixlist.txt




AppInit_DLLs: İ蘟眬偰眭 => İ蘟眬偰眭 File Not Found
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> (No File)
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • Answers to the questions asked.

Edited by OCD, 11 July 2014 - 09:07 PM.
added comment



#7 Guyl


Posted 12 July 2014 - 04:42 AM

I'll take care of the Java issue but I just want to confirm something first.  In the first line of the box to copy to notepad there are some symbols that look like Chinese characters.  Is that correct?  Just want to make sure in case that's not right.

 

The answers to the questions are:

 

1.  No, I don't remember exactly when it first started.  It's been going on for a long time - probably several years.  I told her to contact you quite a while back.  She said she would but obviously never did.  It's been gradually getting worse & worse.  Navigating around, starting up, & shutting down all take a long time.  For example, you try to open Live Mail and it may take 3 - 4 minutes to open and load.  You click on the Firefox icon and it may take 2 or 3 minutes to load.  Once you're on a site and want to move to another page it may take a minute or so.  Meanwhile, the cursor is just spinning and spinning while it's thinking.  To start up and load everything or to shut down takes, maybe, 5 minutes each, maybe longer.  I'm just guessing at each - I haven't actually timed any of these.  I just wanted to give you an idea of what we're facing.

 

I just re-read the question again.  I don't think what I just stated was what you're asking.  Use the above to know what the overall problem is.  I think you're asking when did the problem with Fix-It start.  If so, that was about 2 weeks ago when I tried to install it.  I only tried to install it because I couldn't get the Windows defrag program to complete.  I don't necessarily want to put it on.  I was just trying that because I had it and it had a defrag program in it.  They gave me another defrag program in the other forum which I've already run.

 

2.  I have not tried to install anything else since.  I'm not having any other issues with programs as far as I know other than the slowness I stated above.



#8 OCD

Posted 12 July 2014 - 08:19 AM

Hi Guyl,

Thanks for the detailed response. It answered all the questions I had. :thumbup:

Yes, the line in the code fix does have what appear to be Chinese characters in it.



 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#9 Guyl

Guyl

    Authentic Member

  • Authentic Member
  • PipPip
  • 231 posts

Posted 12 July 2014 - 11:22 AM

Ok, here ya go,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Mary at 2014-07-12 13:17:25 Run:1
Running from C:\Users\Mary\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AppInit_DLLs: İ蘟眬偰眭 => İ蘟眬偰眭 File Not Found
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> (No File)
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
*****************

"İ蘟眬偰眭" => Value Data not found.
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> (No File) not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
'HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.

==== End of Fixlog ====



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 July 2014 - 07:39 PM

Hi Guyl,

As you can see from this line from the Security Check scan we ran earlier, your hard drive doesn't appear to be fragmented at all. :)

`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %

=========================

Let's go ahead and remove the Fix-it Utility program you installed.

Revo Uninstaller Pro

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • From the list of programs click on
    Fix-It Utility
  • Choose "Uninstall". When prompted click Yes.
  • Make sure the advanced option is checked... then click Next.
  • The program will run, when prompted... click Yes... then Next.
  • Once the program has searched for leftovers click Next.
  • Check ONLY the bolded items on the list then... click Next... then Yes.
  • When done click Finish.

=========================

Clear Java Cache

Locate the Java Control Panel

  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter "Java Control Panel".
  • Click on the Java icon to open the Java Control Panel.

Delete Temporary Files through the Java Control Panel

  • In the Java Control Panel, under the General tab, click Settings under the Temporary Internet Files section.
    The Temporary Files Settings dialog box appears.


  • Click Delete Files on the Temporary Files Settings dialog.
    The Delete Temporary Files dialog box appears.


  • Click OK on the Delete Temporary Files dialog.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on the Temporary Files Settings dialog.
    Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

=========================

Reboot

=========================

Test the system and see if there is any change in performance.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#11 Guyl

Guyl

    Authentic Member

  • Authentic Member
  • PipPip
  • 231 posts

Posted 13 July 2014 - 06:42 AM

Houston, we have a problem, I think.  After doing the last steps the computer locked up.  After the last step it required a re-boot which I did.  It would not get back to the log on screen.  I had to shut it down manually.  I started it back up and it wouldn't get to the log on screen again - this time I literally fell asleep for about 45 minutes waiting.  When I woke up I re-booted again and waited another 5 minutes and then went to bed.

 

When I got up this morning after awaking the computer the log on screen was there.  I put in the password and finally got the desktop loaded after about 5 minutes of waiting.  Once in, things seemed better.  Programs seemed to load faster and navigation was better.  I decided to shut it down and try to re-start to see what would happen.  It took a long time for everything to shut down and re-start.  So this time I decided to time everything.  I shut it down again.  Shutdown (not re-start) was 2:15, start-up to login was 2:10, and after entering password to desktop loaded was 6:20.  To me, the first two seem longer than normal but the 6:20 just seems excessive.  What do you think?

 

By the way, the defrag of 0% was because when I couldn't get the Vista defrag program to run they gave me Degraggler (or whatever its name is) and I ran it before moving over to you.



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 July 2014 - 08:19 AM

Hi Guyl,
 

Once in, things seemed better. Programs seemed to load faster and navigation was better. I decided to shut it down and try to re-start to see what would happen. It took a long time for everything to shut down and re-start. So this time I decided to time everything. I shut it down again. Shutdown (not re-start) was 2:15, start-up to login was 2:10, and after entering password to desktop loaded was 6:20. To me, the first two seem longer than normal but the 6:20 just seems excessive. What do you think?


You have to keep in mind that this operating system is quite a few years old, and degradation of performance should be expected. With that being said, the start-up and shut down times don't seem too bad. But the 6:20 does seem excessive.

Let's do a few more scans and see if we can uncover anything that might be contributing to that.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:


  • MBAM log
  • ESET's log.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#13 Guyl

Guyl

    Authentic Member

  • Authentic Member
  • PipPip
  • 231 posts

Posted 13 July 2014 - 10:12 PM

Here are the results:

 

C:\Users\Mary\Desktop\CouponPrinter.exe    probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Mary\Desktop\dfsetup218.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/13/2014
Scan Time: 8:48:27 AM
Logfile: MBAMScan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.13.03
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Mary

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304413
Time Elapsed: 22 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

 

 



#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 July 2014 - 11:35 AM

Hi Guyl,

Hmmm, not really turning up anything. :wall:

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

If these two (2) files remain on the desktop after running AdwCleaner, then just delete them.

Delete a File/Folder

Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

  • C:\Users\Mary\Desktop\CouponPrinter.exe
  • C:\Users\Mary\Desktop\dfsetup218.exe

Exit Explorer

=========================

In your next post please provide the following:

  • AdwCleaner[S0].txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#15 Guyl

Guyl

    Authentic Member

  • Authentic Member
  • PipPip
  • 231 posts

Posted 14 July 2014 - 04:19 PM

Is this dang pc giving you a challenge?  It's given me a lot of headaches, that's for sure, lol.  Love the emoticon, I feel the same way with this thing.  Anyway, here's the results of the last scan:

 

# AdwCleaner v3.215 - Report created 14/07/2014 at 14:48:02
# Updated 09/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Mary - MARY-PC
# Running from : C:\Users\Mary\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Genesis
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis
File Deleted : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\q6sri3r7.default\prefs.js ]


[ File : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\7tn0xz02.default\prefs.js ]

Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0AtBtD0CtAtCyD0F0D0AtN0D0Tzu0CtByCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1916924269");
Line Deleted : user_pref("extensions.funmoods.id", "001BB9A20C315FDA");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15600");
Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0AtBtD0CtAtCyD0F0D0AtN0D0Tzu0CtByCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1916924269");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0AtBtD0CtAtCyD0F0D0AtN0D0Tzu0CtByCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1916924269&[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:8:21");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [15671 octets] - [01/07/2014 23:07:29]
AdwCleaner[R1].txt - [4261 octets] - [14/07/2014 14:02:24]
AdwCleaner[S0].txt - [16179 octets] - [01/07/2014 23:18:14]
AdwCleaner[S1].txt - [4262 octets] - [14/07/2014 14:48:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4322 octets] ##########
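
One way to triage a report like the AdwCleaner log posted above, as an added example that is not part of the thread or of AdwCleaner itself: it groups removals by report section, by Firefox `extensions.*` preference namespace, and by registry GUID so a single add-on registered in several places stands out. The sample report is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (not from the thread) in the AdwCleaner v3 report layout.
SAMPLE_REPORT = r'''# AdwCleaner v3.215 - constructed sample report
***** [ Files / Folders ] *****
Folder Deleted : C:\ExampleAdware
File Deleted : C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\user.js
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\exampleTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-0000-0000-0000-000000000001}
***** [ Browsers ] *****
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\prefs.js ]
Line Deleted : user_pref("extensions.exampletb.hmpg", false);
Line Deleted : user_pref("extensions.exampletb.hmpgUrl", "hxxp://start.example.invalid/?f=1");
Line Deleted : user_pref("extensions.exampletb_i.newTab", false);
'''

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
PREFS_FILE_RE = re.compile(r"^\[ File : (.+?) \]$")
# Kinds seen in the posted log: Folder, File, Key, Line.
ACTION_RE = re.compile(r"^(\w+) Deleted : (.+)$")
PREF_NS_RE = re.compile(r'^user_pref\("extensions\.([^."]+)\.')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_report(text):
    """Turn a report into a list of {section, kind, target, prefs_file} dicts."""
    entries, section, prefs_file = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section, prefs_file = m.group(1), None
        elif m := PREFS_FILE_RE.match(line):
            prefs_file = m.group(1)   # which profile's prefs.js was edited
        elif m := ACTION_RE.match(line):
            kind, target = m.groups()
            entries.append({"section": section, "kind": kind, "target": target,
                            "prefs_file": prefs_file if kind == "Line" else None})
    return entries


def summarize(entries):
    """Count removals per section, per extension namespace, and per GUID."""
    by_section = Counter(e["section"] for e in entries)
    namespaces = Counter()
    guid_locations = defaultdict(list)
    for e in entries:
        if e["kind"] == "Line" and (m := PREF_NS_RE.match(e["target"])):
            namespaces[m.group(1)] += 1
        for guid in GUID_RE.findall(e["target"]):
            guid_locations[guid.upper()].append(e["target"])
    return by_section, namespaces, dict(guid_locations)


if __name__ == "__main__":
    sections, namespaces, guids = summarize(parse_report(SAMPLE_REPORT))
    print(dict(sections))
    print(dict(namespaces))
    for guid, keys in guids.items():
        print(guid, "registered in", len(keys), "locations")
```
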
 

