Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2016
Ran by Coleen (administrator) on COLEEN-PC (03-12-2016 20:47:12)
Running from C:\Users\Coleen\Desktop
Loaded Profiles: Coleen & Bob (Available Profiles: Coleen & Bob)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [831576 2016-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKU\S-1-5-21-2047633946-635831719-1502881236-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7045848 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2047633946-635831719-1502881236-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2047633946-635831719-1502881236-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2047633946-635831719-1502881236-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2047633946-635831719-1502881236-1001\...\MountPoints2: {a76e54c4-1039-11e3-a6e5-806e6f6e6963} - E:\start.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2047633946-635831719-1502881236-1001] => localhost:21320
AutoConfigURL: [S-1-5-21-2047633946-635831719-1502881236-1001] => localhost:21320
Winsock: Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{4C025760-731A-4E4F-966E-4EC877522D09}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2047633946-635831719-1502881236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2047633946-635831719-1502881236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2047633946-635831719-1502881236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/webhp?tab=ww
HKU\S-1-5-21-2047633946-635831719-1502881236-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-2047633946-635831719-1502881236-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2047633946-635831719-1502881236-1000 -> DefaultScope {CBA4F12F-9A11-4DF2-9A2E-F2C0A55F184A} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2047633946-635831719-1502881236-1000 -> {CBA4F12F-9A11-4DF2-9A2E-F2C0A55F184A} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: No Name -> {d5a1d22b-9e17-454f-8ecd-83c578fb3983} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-03] (Oracle Corporation)
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpIdfPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Coleen\AppData\Roaming\Mozilla\Firefox\Profiles\ojlMWnw2.default [2016-11-03]
FF Extension: (No Name) - C:\Users\Coleen\AppData\Roaming\Mozilla\Firefox\Profiles\ojlMWnw2.default\Extensions\abs@avira.com [2016-11-03]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Coleen\AppData\Roaming\Mozilla\Firefox\Profiles\ojlMWnw2.default\Extensions\safesearchplus2@avira.com [2016-11-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-28] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Coleen\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Coleen\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Profile: C:\Users\Coleen\AppData\Local\Google\Chrome\User Data\Default [2016-11-28]
CHR Extension: (SearchLock) - C:\Users\Coleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2016-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Coleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [970632 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-01] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-28] (Dropbox, Inc.) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [114296 2013-07-14] (Ray Hinchliffe)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-10-03] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-03 20:47 - 2016-12-03 20:47 - 00016324 _____ C:\Users\Coleen\Desktop\FRST.txt
2016-12-03 20:46 - 2016-12-03 20:47 - 00000000 ____D C:\FRST
2016-12-03 20:42 - 2016-12-03 20:43 - 01761280 _____ (Farbar) C:\Users\Coleen\Desktop\FRST.exe
2016-12-03 14:54 - 2016-12-03 14:54 - 00000000 ____D C:\Windows\CheckSur
2016-12-03 14:49 - 2016-12-03 14:51 - 154546261 _____ C:\Users\Coleen\Desktop\Windows6.0-KB947821-v35-x86.msu
2016-12-01 22:13 - 2016-12-02 16:07 - 00000000 ___RD C:\Users\Coleen\Dropbox
2016-12-01 18:56 - 2016-12-01 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-01 18:53 - 2016-12-03 20:39 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-01 18:53 - 2016-12-01 22:13 - 00000000 ____D C:\Users\Coleen\AppData\Local\Dropbox
2016-12-01 18:53 - 2016-12-01 22:06 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-01 18:53 - 2016-12-01 18:56 - 00000000 ____D C:\Program Files\Dropbox
2016-12-01 18:53 - 2016-12-01 18:53 - 00000000 ____D C:\ProgramData\Dropbox
2016-11-28 08:05 - 2016-11-28 08:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-28 08:05 - 2016-11-28 08:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-28 08:05 - 2016-11-28 08:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-28 08:05 - 2016-11-28 08:05 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-21 19:14 - 2016-11-24 10:19 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-20 22:30 - 2016-11-26 15:26 - 00001603 _____ C:\Users\Coleen\Desktop\Unlinked Slessors.txt
2016-11-18 18:26 - 2016-11-18 18:27 - 00000000 ____D C:\Users\Coleen\Desktop\Soutra
2016-11-18 18:00 - 2016-11-18 19:01 - 00000000 ____D C:\Users\Coleen\Desktop\ScottishGeology
2016-11-18 17:07 - 2016-11-18 19:21 - 00000000 ____D C:\Users\Coleen\Desktop\ScotsGenealogy
2016-11-15 20:39 - 2016-11-15 20:39 - 00004994 _____ C:\Users\Coleen\Documents\cc_20161115_203947.reg
2016-11-14 22:56 - 2016-11-14 22:56 - 00000000 ____D C:\SFCFix
2016-11-14 22:33 - 2016-11-14 22:56 - 00000000 ____D C:\Users\Coleen\AppData\Local\niemiro
2016-11-14 20:19 - 2016-11-14 20:29 - 00000000 ____D C:\Users\Coleen\AppData\Roaming\GSplit
2016-11-14 20:19 - 2016-11-14 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSplit 3
2016-11-14 20:19 - 2016-11-14 20:19 - 00000000 ____D C:\Program Files\GSplit
2016-11-14 20:19 - 2016-11-14 20:19 - 00000000 ____D C:\Program Files\Common Files\GSplit
2016-11-14 20:15 - 2016-11-14 20:15 - 00000000 ____D C:\Users\Coleen\AppData\Roaming\JGsoft
2016-11-14 20:06 - 2016-11-15 20:29 - 00000000 ____D C:\Users\Coleen\AppData\Roaming\Notepad++
2016-11-14 20:06 - 2016-11-15 20:29 - 00000000 ____D C:\Program Files\Notepad++
2016-11-14 14:55 - 2016-11-14 14:55 - 00000000 ____D C:\Program Files\Windows Resource Kits
2016-11-14 14:01 - 2016-11-16 13:21 - 00000000 ____D C:\Users\Coleen\Desktop\Sysnative help forum
2016-11-14 13:37 - 2016-11-14 13:41 - 368945248 _____ (Microsoft Corporation) C:\Users\Coleen\Desktop\office2007sp3-kb2526086-fullfile-en-us.exe
2016-11-14 13:37 - 2016-11-14 13:38 - 38808920 _____ (Microsoft Corporation) C:\Users\Coleen\Desktop\FileFormatConverters.exe
2016-11-12 17:36 - 2016-10-07 09:59 - 03610344 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-12 17:36 - 2016-10-07 09:59 - 03557608 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-12 17:36 - 2016-08-12 12:55 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-12 15:22 - 2016-10-17 16:04 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-12 15:12 - 2016-09-14 17:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-12 15:08 - 2016-10-08 09:51 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-12 15:08 - 2016-10-08 09:50 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-12 15:05 - 2016-10-07 09:52 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-12 15:03 - 2016-10-07 09:52 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-12 15:03 - 2016-10-07 09:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-12 15:03 - 2016-10-07 09:51 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-12 15:01 - 2016-09-14 18:01 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-12 14:58 - 2016-10-17 16:05 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-12 14:58 - 2016-10-17 16:04 - 00884224 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-12 14:58 - 2016-10-17 16:04 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-12 14:58 - 2016-10-17 16:04 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-12 14:58 - 2016-10-17 16:04 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-12 14:58 - 2016-10-17 16:04 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-12 14:56 - 2016-10-12 10:02 - 00244968 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-12 14:50 - 2016-08-03 09:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-11-12 14:50 - 2016-08-03 08:21 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-12 14:50 - 2016-08-03 08:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-12 14:50 - 2016-08-03 08:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-12 14:20 - 2016-09-10 10:27 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-11-12 14:20 - 2016-08-10 09:44 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-12 14:20 - 2016-08-10 09:43 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-12 14:20 - 2016-08-10 07:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-11-12 14:18 - 2015-07-21 10:04 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-11-12 14:18 - 2013-02-20 21:52 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2016-11-12 14:18 - 2013-02-20 21:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-11-12 14:16 - 2014-12-10 17:58 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-11-12 14:13 - 2010-12-21 06:30 - 01034240 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-11-12 12:42 - 2016-10-05 16:36 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-12 12:42 - 2016-10-05 16:34 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-12 12:42 - 2016-10-05 16:32 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-12 12:42 - 2016-10-05 16:31 - 09756160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-12 12:42 - 2016-10-05 16:31 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-12 12:42 - 2016-10-05 16:30 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-12 12:42 - 2016-10-05 16:29 - 01805312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-12 12:42 - 2016-10-05 16:29 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-12 12:42 - 2016-10-05 16:29 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-12 12:42 - 2016-10-05 16:29 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-12 12:42 - 2016-10-05 16:29 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-12 12:42 - 2016-10-05 16:29 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-11-12 12:42 - 2016-10-05 16:29 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-12 12:42 - 2016-10-05 16:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-12 12:42 - 2016-10-05 16:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-12 12:42 - 2016-10-05 16:28 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-12 12:42 - 2016-10-05 16:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-12 12:42 - 2016-10-05 16:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-12 12:42 - 2016-10-05 16:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-12 12:42 - 2016-10-05 16:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-11-12 12:42 - 2016-10-05 16:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-11-12 12:42 - 2016-10-05 16:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-11-12 10:59 - 2016-11-02 10:06 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-12 10:59 - 2016-11-02 09:59 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-12 10:48 - 2016-10-04 08:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-12 10:24 - 2016-08-14 09:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-11-12 09:10 - 2016-10-25 16:47 - 02073600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 21:49 - 2016-11-11 22:57 - 00001960 _____ C:\Users\Coleen\Desktop\sinus.txt
2016-11-09 16:11 - 2016-11-09 16:11 - 00000000 ____D C:\Users\Coleen\Desktop\BSJ
2016-11-05 18:33 - 2016-11-05 18:33 - 00000778 _____ C:\Users\Coleen\Desktop\tax2016.xls - Shortcut.lnk
2016-11-03 14:29 - 2016-11-03 14:29 - 00000000 ____D C:\Users\Coleen\AppData\Roaming\Avira
2016-11-03 14:28 - 2016-11-03 14:28 - 00000000 ____D C:\Users\Coleen\AppData\Roaming\Mozilla
2016-11-03 14:25 - 2016-08-18 14:52 - 00140272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-11-03 14:25 - 2016-08-18 14:52 - 00115600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-11-03 14:25 - 2016-08-18 14:52 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-11-03 14:25 - 2016-08-18 14:52 - 00018760 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2016-11-03 14:20 - 2016-12-02 16:06 - 00000000 ____D C:\Program Files\Avira
2016-11-03 14:20 - 2016-11-14 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-03 14:20 - 2016-11-03 14:26 - 00000000 ____D C:\ProgramData\Avira
2016-11-03 14:06 - 2016-11-03 14:06 - 00000000 ____D C:\ProgramData\AVAST Software
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-03 20:41 - 2008-08-08 16:15 - 00000000 ____D C:\Users\Coleen\Documents\Finance&TaxFiles
2016-12-03 20:39 - 2015-07-18 09:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-03 20:39 - 2006-11-02 06:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-03 20:39 - 2006-11-02 06:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-03 15:34 - 2012-08-17 20:49 - 00000000 ___RD C:\Users\Coleen\Desktop\shortcuts
2016-12-02 16:26 - 2013-08-28 15:01 - 00000000 ____D C:\Windows\system32\MRT
2016-12-02 16:20 - 2006-11-02 04:24 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-12-02 16:10 - 2006-11-02 04:33 - 00006568 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-02 16:04 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-02 16:04 - 2006-11-02 06:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-12-01 22:20 - 2006-11-02 07:01 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-01 22:14 - 2015-02-11 22:46 - 00000000 ____D C:\Users\Coleen\AppData\Roaming\Dropbox
2016-12-01 22:13 - 2013-08-28 13:59 - 00000000 ____D C:\Users\Coleen
2016-11-30 15:06 - 2013-08-28 17:33 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-30 15:06 - 2013-08-28 17:33 - 00001828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-30 15:06 - 2013-08-28 17:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-28 20:43 - 2013-09-18 14:54 - 00000000 ____D C:\Users\Coleen\AppData\Local\CrashDumps
2016-11-26 15:25 - 2008-08-08 18:59 - 00000000 ____D C:\Users\Coleen\Documents\Recipes
2016-11-21 19:14 - 2014-11-03 00:24 - 00000000 ____D C:\Users\Coleen\AppData\Local\Adobe
2016-11-21 19:14 - 2013-09-26 11:51 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-21 19:14 - 2013-09-26 11:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-21 19:14 - 2013-09-26 11:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-19 11:08 - 2015-09-24 10:48 - 00000000 ____D C:\Users\Coleen\Desktop\kidlet
2016-11-18 20:12 - 2014-08-17 13:06 - 00000000 ____D C:\Program Files\Legacy8
2016-11-16 13:22 - 2008-08-08 16:03 - 00000000 ___RD C:\Users\Coleen\Desktop\CleanUp Shortcuts
2016-11-15 20:28 - 2014-10-03 00:33 - 00000000 ____D C:\Program Files\Google
2016-11-15 12:32 - 2006-11-02 06:47 - 00324632 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-14 19:02 - 2013-08-28 14:00 - 00082656 _____ C:\Users\Coleen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-14 12:48 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2016-11-12 15:47 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\rescache
2016-11-12 13:17 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-11-11 10:36 - 2008-08-08 16:06 - 00000000 ____D C:\Users\Coleen\Documents\Books
2016-11-10 12:51 - 2016-10-04 09:18 - 00000000 ____D C:\Users\Coleen\Documents\Windows repair
2016-11-03 14:20 - 2015-08-16 14:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-03 14:10 - 2016-10-03 22:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
==================== Files in the root of some directories =======
2013-09-30 02:56 - 2016-10-15 15:59 - 0001517 _____ () C:\Users\Coleen\AppData\Roaming\mainhst.zgh
2013-09-10 18:07 - 2013-09-10 19:16 - 1178624 _____ (CPUID) C:\Users\Coleen\AppData\Roaming\siw_sdk.dll
2014-01-15 13:56 - 2014-01-15 13:56 - 0000103 _____ () C:\Users\Coleen\AppData\Roaming\WB.CFG
2014-03-01 22:42 - 2016-10-06 12:20 - 0001356 _____ () C:\Users\Coleen\AppData\Local\d3d9caps.dat
2013-08-28 19:48 - 2013-08-28 19:48 - 0004608 _____ () C:\Users\Coleen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-07 15:33 - 2016-10-07 15:33 - 0004096 ____H () C:\Users\Coleen\AppData\Local\keyfile3.drm
2013-11-12 17:00 - 2013-11-12 17:11 - 0000790 _____ () C:\ProgramData\hpzinstall.log
2015-07-27 22:03 - 2015-07-28 13:03 - 0032974 _____ () C:\ProgramData\nvModes.001
2015-07-27 22:03 - 2015-07-28 13:03 - 0032974 _____ () C:\ProgramData\nvModes.dat
Some files in TEMP:
====================
C:\Users\Coleen\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
=========================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-12-2016
Ran by Coleen (03-12-2016 20:47:56)
Running from C:\Users\Coleen\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2013-08-28 23:49:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2047633946-635831719-1502881236-500 - Administrator - Disabled)
Bob (S-1-5-21-2047633946-635831719-1502881236-1001 - Limited - Enabled) => C:\Users\Bob
Coleen (S-1-5-21-2047633946-635831719-1502881236-1000 - Administrator - Enabled) => C:\Users\Coleen
Guest (S-1-5-21-2047633946-635831719-1502881236-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-2047633946-635831719-1502881236-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x86) (HKLM\...\{D09605BE-5587-4B0C-86C8-69B5092CB80F}) (Version: 6.12.2.633 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Family History CD Legacy Edition (HKLM\...\{E769769A-8D67-4283-88BD-F5D8625E7D6F}) (Version: 1.4.6 - The Jefferson Project)
Free MOV Player (HKLM\...\{691ACDEC-0454-4C0D-854B-E6BDF8C26B33}) (Version: 1.0.0 - Media Freeware)
FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version: - )
GSplit 3 (HKLM\...\GSplit3Set) (Version: 3.0.1.0 - G.D.G. Software)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Legacy 8.0 (HKLM\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.15.11.9038 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (Version: - ) Hidden
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.0 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
ZipGenius 6 (HKLM\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - The ZipGenius Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08AA5573-5AEC-45FE-B293-23E9CA5AFEE6} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {0B5FDCD9-8439-4804-84F0-D02A6EBF53AA} - \Scan the system (Spybot - Search & Destroy) -> No File <==== ATTENTION
Task: {0C56F356-1ADF-4258-878E-E279A115875F} - \{84FB8C6C-A157-49D4-8169-09B9980275C3} -> No File <==== ATTENTION
Task: {0D0C74A2-F19E-4DE8-B6D7-C848E10C796F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-12-01] (Dropbox, Inc.)
Task: {0EE48D25-823A-4DD0-B482-D05E871C8C0D} - \{B45A1142-2CAB-4410-92C5-616649234A36} -> No File <==== ATTENTION
Task: {39F3D116-948D-4418-9458-89DCCED714B8} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4EC3C56B-4536-4996-8E1C-A43AB22AE9AF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {584401BA-704F-49BA-969F-8A0C85FA62BC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-21] (Adobe Systems Incorporated)
Task: {802FF4FA-A36B-434E-9718-F7D61D568C96} - System32\Tasks\Opera scheduled Autoupdate 1475636144 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)
Task: {8501EDD9-417C-40EE-B319-E52BFFC2813F} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {9123CA0A-B08F-4FC1-8148-036C550A67F1} - \Check for updates (Spybot - Search & Destroy) -> No File <==== ATTENTION
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A778C54E-CFE5-48AF-A303-00B26AAB5161} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {BCB8ABA2-9861-4FC5-BC56-708D41B7671A} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {DD73470D-B915-477A-B97E-288D5DD54C30} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {F47C32E6-4C53-44E5-A47F-0C836C50E6CC} - \Maxthon Update -> No File <==== ATTENTION
Task: {F4B236AE-6646-4C1B-80B0-E92534ED1EF8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-12-01] (Dropbox, Inc.)
Task: {F735CB48-EE9B-4007-8B4B-983F55E3C52E} - \Refresh immunization (Spybot - Search & Destroy) -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Coleen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
==================== Loaded Modules (Whitelisted) ==============