Vista not accepting updates & blocking Avast web shield


  • This topic is locked
16 replies to this topic

#1 jhoybs


Posted 21 March 2016 - 11:32 AM

Working on a computer with 32-bit Vista. Windows Updates appear to be stuck - any updates are rolled back with the error of them "not being configured properly". Tried Googling and trying individual update solutions, but no luck.

 

The PC had Microsoft Security Essentials installed; I removed it and installed Avast. Although Avast installs, the Web Shield appears to be permanently disabled.

 

I have run AdwCleaner, Malwarebytes Anti-Malware and ESET Online Scanner. A few low-level threats were found and cleaned, but nothing has changed with the symptoms above.

 

Thanks for the help!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Shari (administrator) on P2JOFFICE (21-03-2016 11:16:46)
Running from J:\
Loaded Profiles: Shari (Available Profiles: Denise Pauls & Shari)
Platform: Windows Vista ™ Home Premium (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(SpareBackup, Inc.) C:\Program Files\Spare Backup\SpareBackup.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Portrait Displays, Inc) C:\Program Files\Gateway\EzTune\dthtml.exe
() C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Chicony) C:\Windows\ModPS2Key.exe
() C:\Windows\zHotkey.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(PIXELA CORPORATION) C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
() C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [NapsterShell] => C:\Program Files\Napster\napster.exe /systray
HKLM\...\Run: [Spare Backup] => C:\Program Files\Spare Backup\SpareBackup.exe [5252936 2007-09-13] (SpareBackup, Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-15] (Nero AG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141624 2010-06-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [NvMediaCenter] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [232184 2007-04-03] (Sonic Solutions)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [DT GWY] => C:\Program Files\Gateway\EzTune\DTHtml.exe [282624 2007-05-02] (Portrait Displays, Inc)
HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [694008 2007-02-09] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKLM\...\Run: [ModPS2] => C:\Windows\ModPS2Key.exe [53248 2006-11-07] (Chicony)
HKLM\...\Run: [ShowWnd] => C:\Windows\ShowWnd.exe [36864 2005-01-27] ()
HKLM\...\Run: [CHotkey] => C:\Windows\zHotkey.exe [547840 2006-11-07] ()
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-11-17] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [68608 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-18] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk [2011-03-13]
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.10 10.1.10.5
Tcpip\..\Interfaces\{7AC926DA-5804-4E34-BC8F-8447497809E9}: [DhcpNameServer] 10.1.10.10 10.1.10.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-441842238-3827488038-1711259271-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-03-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-18] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll [2006-02-01] (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-03-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Shari\AppData\Roaming\Mozilla\Firefox\Profiles\0z89tbcs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-01-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-06-09] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-03-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-05-04] (Alcatel-Lucent)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-06-27] (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-15]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-05] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2010-06-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-18]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-18] (AVAST Software)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-05-02] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2007-11-17] (New Boundary Technologies, Inc.) [File not signed]
R2 Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-13] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-13] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-11-17] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-03-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-18] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [171608 2016-03-18] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67088 2016-03-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-18] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U5 Browser; C:\Windows\System32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RasSstp; system32\DRIVERS\rassstp.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 11:16 - 2016-03-21 11:16 - 00000000 ____D C:\FRST
2016-03-21 11:15 - 2016-03-21 11:15 - 01725440 _____ (Farbar) C:\Users\Shari\Downloads\FRST.exe
2016-03-21 11:10 - 2016-03-21 11:11 - 00183990 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_11.10.00_log.txt
2016-03-21 10:51 - 2016-03-21 10:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Shari\Downloads\MicrosoftFixit.wu.Run.exe
2016-03-21 10:32 - 2016-03-21 10:32 - 00000000 ____D C:\Users\Shari\Downloads\dotnetfx_cleanup_tool
2016-03-21 10:29 - 2016-03-21 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-21 10:28 - 2016-03-21 10:28 - 01098961 _____ (Igor Pavlov) C:\Users\Shari\Downloads\7z1514.exe
2016-03-21 10:26 - 2016-03-21 10:26 - 00267049 _____ C:\Users\Shari\Downloads\dotnetfx_cleanup_tool.zip
2016-03-18 17:45 - 2016-03-18 17:45 - 00000000 ____D C:\Program Files\MSN
2016-03-18 17:43 - 2016-03-18 17:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2016-03-18 16:26 - 2016-03-21 11:10 - 00000000 ____D C:\Users\Shari\Tracing
2016-03-18 15:53 - 2016-03-18 16:26 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SPWizUI.dll
2016-03-18 15:53 - 2016-03-18 16:26 - 00047560 _____ (Microsoft Corporation) C:\Windows\system32\SPReview.exe
2016-03-18 15:28 - 2008-01-18 23:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe
2016-03-18 15:27 - 2016-03-18 16:44 - 00327680 _____ C:\Windows\SPInstall.etl
2016-03-18 15:26 - 2016-03-18 15:26 - 00000000 ____D C:\1aaa687c1aa5653cb0648a
2016-03-18 15:22 - 2016-03-18 15:22 - 00347816 _____ (Microsoft Corporation) C:\Users\Shari\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2016-03-18 15:21 - 2016-03-18 15:21 - 00000000 ____D C:\Users\Shari\AppData\Roaming\SampleView
2016-03-18 14:02 - 2016-03-18 14:02 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-18 14:02 - 2016-03-18 14:02 - 00000000 ____D C:\Users\Shari\AppData\Roaming\AVAST Software
2016-03-18 14:02 - 2016-03-18 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-18 14:00 - 2016-03-18 14:00 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-18 14:00 - 2016-03-18 14:00 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-18 14:00 - 2016-03-18 14:00 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-18 14:00 - 2016-03-18 14:00 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00171608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00067088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-18 13:59 - 2016-03-18 13:59 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-18 13:59 - 2016-03-18 13:59 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-18 13:58 - 2016-03-18 13:58 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-18 13:57 - 2016-03-18 13:57 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-18 13:50 - 2016-03-18 13:50 - 00000680 _____ C:\Users\Shari\AppData\Local\d3d9caps.dat
2016-03-18 11:20 - 2016-03-18 11:20 - 00000000 ____D C:\Program Files\ESET
2016-03-18 11:19 - 2016-03-18 11:19 - 02870984 _____ (ESET) C:\Users\Shari\Downloads\esetsmartinstaller_enu.exe
2016-03-18 10:54 - 2016-03-18 10:56 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-18 10:54 - 2016-03-18 10:54 - 01527296 _____ C:\Users\Shari\Downloads\adwcleaner_5.102.exe
2016-03-18 10:52 - 2016-03-18 10:52 - 00000000 ____D C:\Users\Shari\AppData\Local\Eastman Kodak Company
2016-03-18 10:49 - 2016-03-18 10:49 - 00735328 _____ (Oracle Corporation) C:\Users\Shari\Downloads\jxpiinstall.exe
2016-03-18 10:47 - 2016-03-18 10:48 - 00000000 ____D C:\ProgramData\Oracle
2016-03-18 10:47 - 2016-03-18 10:45 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-03-18 10:46 - 2016-03-18 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-18 10:46 - 2016-03-18 10:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-03-18 10:46 - 2016-03-18 10:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-03-18 10:46 - 2016-03-18 10:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-17 19:52 - 2006-11-02 04:45 - 00638976 _____ (Microsoft Corporation) C:\Utilman.exe
2016-03-17 17:08 - 2016-03-04 14:14 - 201900432 _____ (AVAST Software) C:\Users\Shari\Desktop\avast_free_antivirus_setup.exe
2016-03-17 16:57 - 2016-03-17 16:57 - 00000000 ____D C:\Users\Shari\AppData\Roaming\ICAClient
2016-03-17 16:56 - 2016-03-17 16:56 - 00000000 ____D C:\Users\Shari\AppData\Local\Citrix
2016-03-17 16:56 - 2016-03-17 16:56 - 00000000 ____D C:\ProgramData\Citrix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 11:17 - 2012-04-03 18:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-21 11:10 - 2013-06-16 09:19 - 00000000 ____D C:\Users\Shari\AppData\Roaming\Spare Backup
2016-03-21 11:02 - 2013-11-14 21:37 - 00000000 ____D C:\ProgramData\Kodak
2016-03-21 11:02 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 11:02 - 2006-11-02 07:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-21 11:02 - 2006-11-02 07:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-21 11:02 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-21 11:01 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-03-21 10:59 - 2006-11-02 08:01 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-21 10:46 - 2009-06-07 10:15 - 84606976 _____ C:\Windows\ocsetup_install_NetFx3.etl
2016-03-21 10:46 - 2009-06-07 10:15 - 00983040 _____ C:\Windows\ocsetup_cbs_install_NetFx3.perf
2016-03-21 10:46 - 2009-06-07 10:15 - 00065536 _____ C:\Windows\ocsetup_cbs_install_NetFx3.dpx
2016-03-21 10:29 - 2009-01-24 18:41 - 00000000 ____D C:\Program Files\7-Zip
2016-03-21 08:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2016-03-18 18:18 - 2006-11-02 07:50 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2016-03-18 18:18 - 2006-11-02 07:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-18 18:18 - 2006-11-02 05:33 - 00721936 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-18 17:48 - 2006-11-02 07:47 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Calendar
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\inf
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\sysprep
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\SLUI
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\setup
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\oobe
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\manifeststore
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ias
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\com
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\servicing
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\MSAgent
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\L2Schemas
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\IME
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-18 17:41 - 2007-11-17 18:33 - 00000000 ____D C:\Windows\system32\RTCOM
2016-03-18 17:37 - 2006-11-02 05:32 - 00101376 _____ (Infineon Technologies AG) C:\Windows\system32\ifxcardm.dll
2016-03-18 17:37 - 2006-11-02 05:32 - 00079872 _____ (Axalto, Inc.) C:\Windows\system32\axaltocm.dll
2016-03-18 16:46 - 2012-04-03 18:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-18 16:46 - 2011-07-10 09:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-18 16:26 - 2010-04-08 16:38 - 00000000 ____D C:\Users\Shari
2016-03-18 15:09 - 2008-12-14 12:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-18 15:02 - 2010-06-03 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-18 14:54 - 2014-06-17 18:37 - 00000000 ____D C:\Windows\system32\MRT
2016-03-18 14:47 - 2006-11-02 05:24 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-03-18 10:57 - 2011-04-15 22:19 - 00000000 ____D C:\Users\Denise Pauls\AppData\LocalLow\Yahoo!
2016-03-18 10:55 - 2014-08-03 16:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-18 10:48 - 2014-07-13 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-18 10:47 - 2007-11-17 18:43 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-18 10:45 - 2007-11-17 18:43 - 00000000 ____D C:\Program Files\Java
2016-03-17 17:12 - 2014-07-13 15:03 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-12 09:10 - 2015-04-26 09:33 - 222403667 _____ C:\Windows\MEMORY.DMP

==================== Files in the root of some directories =======

2016-03-18 13:50 - 2016-03-18 13:50 - 0000680 _____ () C:\Users\Shari\AppData\Local\d3d9caps.dat
2015-10-18 08:24 - 2015-10-18 08:24 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Denise Pauls\gotomypc_533.exe
C:\Users\Denise Pauls\gotomypc_635.exe
C:\Users\Denise Pauls\mseinstall.exe


Some files in TEMP:
====================
C:\Users\Denise Pauls\AppData\Local\Temp\avg-94a50c2c-c60a-472a-b86e-526c09c1a116.exe
C:\Users\Denise Pauls\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Shari\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
C:\Users\Shari\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-21 11:15

==================== End of FRST.txt ============================





#2 nasdaq

  • Malware Response Team

Posted 22 March 2016 - 07:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

I need more information. Please run this tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 jhoybs

  • Topic Starter


Posted 22 March 2016 - 08:50 AM

Sorry, for some reason the Addition file didn't attach from yesterday.

FYI - While re-performing the procedure today, Windows Explorer crashed immediately after clicking "Clean" within the AdwCleaner tool.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Shari (administrator) on P2JOFFICE (22-03-2016 08:42:22)
Running from J:\03-22
Loaded Profiles: Shari (Available Profiles: Denise Pauls & Shari)
Platform: Windows Vista ™ Home Premium (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Sonic Solutions) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(SpareBackup, Inc.) C:\Program Files\Spare Backup\SpareBackup.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Portrait Displays, Inc) C:\Program Files\Gateway\EzTune\dthtml.exe
() C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Chicony) C:\Windows\ModPS2Key.exe
() C:\Windows\zHotkey.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(PIXELA CORPORATION) C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
() C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [NapsterShell] => C:\Program Files\Napster\napster.exe /systray
HKLM\...\Run: [Spare Backup] => C:\Program Files\Spare Backup\SpareBackup.exe [5252936 2007-09-13] (SpareBackup, Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-15] (Nero AG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141624 2010-06-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [NvMediaCenter] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [232184 2007-04-03] (Sonic Solutions)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [DT GWY] => C:\Program Files\Gateway\EzTune\DTHtml.exe [282624 2007-05-02] (Portrait Displays, Inc)
HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [694008 2007-02-09] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKLM\...\Run: [ModPS2] => C:\Windows\ModPS2Key.exe [53248 2006-11-07] (Chicony)
HKLM\...\Run: [ShowWnd] => C:\Windows\ShowWnd.exe [36864 2005-01-27] ()
HKLM\...\Run: [CHotkey] => C:\Windows\zHotkey.exe [547840 2006-11-07] ()
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-11-17] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [68608 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-18] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk [2011-03-13]
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.10 10.1.10.5
Tcpip\..\Interfaces\{7AC926DA-5804-4E34-BC8F-8447497809E9}: [DhcpNameServer] 10.1.10.10 10.1.10.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
HKU\S-1-5-21-441842238-3827488038-1711259271-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-441842238-3827488038-1711259271-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-03-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-18] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll [2006-02-01] (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-03-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Shari\AppData\Roaming\Mozilla\Firefox\Profiles\0z89tbcs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-01-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-06-09] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-03-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-05-04] (Alcatel-Lucent)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-06-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-06-27] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-05] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-03-21] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2010-06-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-18]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-18] (AVAST Software)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-05-02] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2007-11-17] (New Boundary Technologies, Inc.) [File not signed]
R2 Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-13] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-13] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-11-17] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-03-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-18] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [171608 2016-03-18] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67088 2016-03-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-18] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U5 Browser; C:\Windows\System32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RasSstp; system32\DRIVERS\rassstp.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 08:34 - 2016-03-22 08:34 - 01725440 _____ (Farbar) C:\Users\Shari\Downloads\FRST(1).exe
2016-03-22 08:31 - 2016-03-22 08:37 - 00000000 ____D C:\AdwCleaner
2016-03-21 11:16 - 2016-03-22 08:42 - 00000000 ____D C:\FRST
2016-03-21 11:15 - 2016-03-21 11:15 - 01725440 _____ (Farbar) C:\Users\Shari\Downloads\FRST.exe
2016-03-21 11:10 - 2016-03-21 11:11 - 00183990 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_11.10.00_log.txt
2016-03-21 10:51 - 2016-03-21 10:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Shari\Downloads\MicrosoftFixit.wu.Run.exe
2016-03-21 10:32 - 2016-03-21 10:32 - 00000000 ____D C:\Users\Shari\Downloads\dotnetfx_cleanup_tool
2016-03-21 10:29 - 2016-03-21 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-21 10:28 - 2016-03-21 10:28 - 01098961 _____ (Igor Pavlov) C:\Users\Shari\Downloads\7z1514.exe
2016-03-21 10:26 - 2016-03-21 10:26 - 00267049 _____ C:\Users\Shari\Downloads\dotnetfx_cleanup_tool.zip
2016-03-18 17:45 - 2016-03-18 17:45 - 00000000 ____D C:\Program Files\MSN
2016-03-18 17:43 - 2016-03-18 17:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2016-03-18 16:26 - 2016-03-22 08:40 - 00000000 ____D C:\Users\Shari\Tracing
2016-03-18 15:53 - 2016-03-18 16:26 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SPWizUI.dll
2016-03-18 15:53 - 2016-03-18 16:26 - 00047560 _____ (Microsoft Corporation) C:\Windows\system32\SPReview.exe
2016-03-18 15:28 - 2008-01-18 23:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe
2016-03-18 15:27 - 2016-03-18 16:44 - 00327680 _____ C:\Windows\SPInstall.etl
2016-03-18 15:26 - 2016-03-18 15:26 - 00000000 ____D C:\1aaa687c1aa5653cb0648a
2016-03-18 15:22 - 2016-03-18 15:22 - 00347816 _____ (Microsoft Corporation) C:\Users\Shari\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2016-03-18 15:21 - 2016-03-18 15:21 - 00000000 ____D C:\Users\Shari\AppData\Roaming\SampleView
2016-03-18 14:02 - 2016-03-18 14:02 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-18 14:02 - 2016-03-18 14:02 - 00000000 ____D C:\Users\Shari\AppData\Roaming\AVAST Software
2016-03-18 14:02 - 2016-03-18 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-18 14:00 - 2016-03-18 14:00 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-18 14:00 - 2016-03-18 14:00 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-18 14:00 - 2016-03-18 14:00 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-18 14:00 - 2016-03-18 14:00 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00171608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00067088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-18 14:00 - 2016-03-18 13:59 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-18 13:59 - 2016-03-18 13:59 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-18 13:59 - 2016-03-18 13:59 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-18 13:58 - 2016-03-18 13:58 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-18 13:57 - 2016-03-18 13:57 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-18 13:50 - 2016-03-18 13:50 - 00000680 _____ C:\Users\Shari\AppData\Local\d3d9caps.dat
2016-03-18 11:20 - 2016-03-18 11:20 - 00000000 ____D C:\Program Files\ESET
2016-03-18 11:19 - 2016-03-18 11:19 - 02870984 _____ (ESET) C:\Users\Shari\Downloads\esetsmartinstaller_enu.exe
2016-03-18 10:54 - 2016-03-18 10:56 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-18 10:54 - 2016-03-18 10:54 - 01527296 _____ C:\Users\Shari\Downloads\adwcleaner_5.102.exe
2016-03-18 10:52 - 2016-03-18 10:52 - 00000000 ____D C:\Users\Shari\AppData\Local\Eastman Kodak Company
2016-03-18 10:49 - 2016-03-18 10:49 - 00735328 _____ (Oracle Corporation) C:\Users\Shari\Downloads\jxpiinstall.exe
2016-03-18 10:47 - 2016-03-18 10:48 - 00000000 ____D C:\ProgramData\Oracle
2016-03-18 10:47 - 2016-03-18 10:45 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-03-18 10:46 - 2016-03-18 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-18 10:46 - 2016-03-18 10:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-03-18 10:46 - 2016-03-18 10:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-03-18 10:46 - 2016-03-18 10:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-17 19:52 - 2006-11-02 04:45 - 00638976 _____ (Microsoft Corporation) C:\Utilman.exe
2016-03-17 17:08 - 2016-03-04 14:14 - 201900432 _____ (AVAST Software) C:\Users\Shari\Desktop\avast_free_antivirus_setup.exe
2016-03-17 16:57 - 2016-03-17 16:57 - 00000000 ____D C:\Users\Shari\AppData\Roaming\ICAClient
2016-03-17 16:56 - 2016-03-17 16:56 - 00000000 ____D C:\Users\Shari\AppData\Local\Citrix
2016-03-17 16:56 - 2016-03-17 16:56 - 00000000 ____D C:\ProgramData\Citrix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 08:41 - 2013-06-16 09:19 - 00000000 ____D C:\Users\Shari\AppData\Roaming\Spare Backup
2016-03-22 08:39 - 2013-11-14 21:37 - 00000000 ____D C:\ProgramData\Kodak
2016-03-22 08:39 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 08:39 - 2006-11-02 07:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 08:39 - 2006-11-02 07:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 08:39 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-22 08:37 - 2006-11-02 08:01 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-22 08:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2016-03-22 08:17 - 2012-04-03 18:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-22 08:14 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-03-21 11:45 - 2009-06-07 10:15 - 84738048 _____ C:\Windows\ocsetup_install_NetFx3.etl
2016-03-21 11:45 - 2009-06-07 10:15 - 01114112 _____ C:\Windows\ocsetup_cbs_install_NetFx3.perf
2016-03-21 11:45 - 2009-06-07 10:15 - 00065536 _____ C:\Windows\ocsetup_cbs_install_NetFx3.dpx
2016-03-21 10:29 - 2009-01-24 18:41 - 00000000 ____D C:\Program Files\7-Zip
2016-03-18 18:18 - 2006-11-02 07:50 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2016-03-18 18:18 - 2006-11-02 07:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-18 18:18 - 2006-11-02 05:33 - 00721936 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-18 17:48 - 2006-11-02 07:47 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Calendar
2016-03-18 17:45 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\inf
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\sysprep
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\SLUI
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\setup
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\oobe
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\manifeststore
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ias
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\com
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\servicing
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\MSAgent
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\L2Schemas
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\IME
2016-03-18 17:45 - 2006-11-02 06:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-18 17:41 - 2007-11-17 18:33 - 00000000 ____D C:\Windows\system32\RTCOM
2016-03-18 17:37 - 2006-11-02 05:32 - 00101376 _____ (Infineon Technologies AG) C:\Windows\system32\ifxcardm.dll
2016-03-18 17:37 - 2006-11-02 05:32 - 00079872 _____ (Axalto, Inc.) C:\Windows\system32\axaltocm.dll
2016-03-18 16:46 - 2012-04-03 18:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-18 16:46 - 2011-07-10 09:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-18 16:26 - 2010-04-08 16:38 - 00000000 ____D C:\Users\Shari
2016-03-18 15:09 - 2008-12-14 12:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-18 15:02 - 2010-06-03 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-18 14:54 - 2014-06-17 18:37 - 00000000 ____D C:\Windows\system32\MRT
2016-03-18 14:47 - 2006-11-02 05:24 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-03-18 10:57 - 2011-04-15 22:19 - 00000000 ____D C:\Users\Denise Pauls\AppData\LocalLow\Yahoo!
2016-03-18 10:55 - 2014-08-03 16:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-18 10:48 - 2014-07-13 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-18 10:47 - 2007-11-17 18:43 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-18 10:45 - 2007-11-17 18:43 - 00000000 ____D C:\Program Files\Java
2016-03-17 17:12 - 2014-07-13 15:03 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-12 09:10 - 2015-04-26 09:33 - 222403667 _____ C:\Windows\MEMORY.DMP

==================== Files in the root of some directories =======

2016-03-18 13:50 - 2016-03-18 13:50 - 0000680 _____ () C:\Users\Shari\AppData\Local\d3d9caps.dat
2015-10-18 08:24 - 2015-10-18 08:24 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Denise Pauls\gotomypc_533.exe
C:\Users\Denise Pauls\gotomypc_635.exe
C:\Users\Denise Pauls\mseinstall.exe


Some files in TEMP:
====================
C:\Users\Denise Pauls\AppData\Local\Temp\avg-94a50c2c-c60a-472a-b86e-526c09c1a116.exe
C:\Users\Denise Pauls\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Shari\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
C:\Users\Shari\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-22 08:24

==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team
Posted 22 March 2016 - 01:21 PM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-441842238-3827488038-1711259271-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-18]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RasSstp; system32\DRIVERS\rassstp.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> "C:\Users\Denise Pauls\AppData\Roaming\Runaware\TestDrive Wizard\WFICA.OCX" => No File
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> "C:\Users\Denise Pauls\AppData\Roaming\Runaware\TestDrive Wizard\WFICA.OCX" => No File
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}\InprocServer32 -> C:\Windows\Downloaded Program Files\CCTVUpdateInstall.dll => No File
CustomCLSID: HKU\S-1-5-21-441842238-3827488038-1711259271-1003_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download and run the Microsoft Security Essentials Removal Tool
http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

After a restart of the computer, is Avast working correctly?
If not, reinstall the application.


Please let me know what problem persists with this computer.

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 7 Update 79 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)

#5 jhoybs

Posted 22 March 2016 - 03:01 PM

nasdaq,

I reran FRST with "fixlist" commands you requested.  Attached is the "Fixlog.txt".  I also "repaired" Avast using the add/remove "repair" option.

After the reboot, Avast still can't activate its WebShield and trying to resolve with the "resolve buttons" doesn't work.  In terms of Windows updates, the system is still stuck on updates "KB970158" and .NET Framework 3.5 SP1 (KB951847).  The updates appear to install, but an "Updates were not configured correctly. Reverting changes."  occurs while rebooting.


#6 nasdaq

Posted 23 March 2016 - 06:40 AM




Avast may not be repairable.

Remove it completely by downloading their uninstaller.

https://www.avast.com/uninstall-utility

When done restart the computer normally and reinstall the application.
===

If the problem persists with Windows updates.

Try the fix suggested on this Microsoft page.
https://support.microsoft.com/en-us/kb/949358

Follow the directives under this section.
Windows Vista

To start the Windows Update Troubleshooter, click the run now button below:


Install the Windows updates.

If that fails again continue and execute these instructions.

Install Windows updates in a clean boot state (Windows 8, Windows 7, and Windows Vista)

If at any time you need help before proceeding please ask.

#7 jhoybs

Posted 23 March 2016 - 10:55 AM

Thanks for the update.  Here is what I tried:

1) Avast - tried uninstalling using the Avast uninstall utility and reinstalling from scratch - no change, Avast Web Shield still unable to activate.

2) Windows Updates - I tried running the Windows Update troubleshooter and it immediately popped up an error "Troubleshooting cannot continue because an error has occurred".  The dialog lets you download a utility to troubleshoot, but that doesn't work either.  Next, I followed the instructions to disable startup programs & services and then install the update - it failed with an error code of 80070BC9.  So far, searching for fixes for that error code has led to failed attempts.

3) Java Updates - There were 2 Java programs that I successfully removed, but the Java installer to install the latest build is being blocked (running the program doesn't even pop up a UAC warning - nothing happens).



#8 nasdaq

Posted 24 March 2016 - 07:24 AM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#9 jhoybs

Posted 24 March 2016 - 08:27 AM

ComboFix 16-03-19.01 - Shari 03/24/2016   8:10.1.2 - x86
Running from: j:\03-22\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-24 to 2016-03-24  )))))))))))))))))))))))))))))))
.
.
2016-03-24 07:31 . 2016-03-24 07:31    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB067405-2CDD-45C0-9CB3-9DA883A61A08}\offreg.984.dll
2016-03-23 15:30 . 2016-03-23 15:30    --------    d-----w-    C:\267365c8a48f7921232be55668243d
2016-03-23 13:41 . 2016-03-23 13:41    --------    d-----w-    c:\users\Shari\AppData\Roaming\AVAST Software
2016-03-22 18:23 . 2016-03-02 21:59    9067696    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB067405-2CDD-45C0-9CB3-9DA883A61A08}\mpengine.dll
2016-03-22 13:31 . 2016-03-22 13:37    --------    d-----w-    C:\AdwCleaner
2016-03-21 16:16 . 2016-03-22 19:06    --------    d-----w-    C:\FRST
2016-03-18 21:26 . 2016-03-23 14:20    --------    d-----w-    c:\users\Shari\Tracing
2016-03-18 20:53 . 2016-03-18 21:26    47560    ----a-w-    c:\windows\system32\SPReview.exe
2016-03-18 20:53 . 2016-03-18 21:26    152576    ----a-w-    c:\windows\system32\SPWizUI.dll
2016-03-18 20:28 . 2008-01-19 04:33    44032    ----a-w-    c:\windows\system32\cbsra.exe
2016-03-18 20:26 . 2016-03-18 20:26    --------    d-----w-    C:\1aaa687c1aa5653cb0648a
2016-03-18 20:21 . 2016-03-18 20:21    --------    d-----w-    c:\users\Shari\AppData\Roaming\SampleView
2016-03-18 16:20 . 2016-03-18 16:20    --------    d-----w-    c:\program files\ESET
2016-03-18 15:54 . 2016-03-18 15:56    --------    d-----w-    c:\program files\AdwCleaner
2016-03-18 15:52 . 2016-03-18 15:52    --------    d-----w-    c:\users\Shari\AppData\Local\Eastman Kodak Company
2016-03-18 15:47 . 2016-03-18 15:48    --------    d-----w-    c:\programdata\Oracle
2016-03-18 00:52 . 2006-11-02 09:45    638976    ----a-w-    C:\Utilman.exe
2016-03-17 21:57 . 2016-03-17 21:57    --------    d-----w-    c:\users\Shari\AppData\Roaming\ICAClient
2016-03-17 21:56 . 2016-03-17 21:56    --------    d-----w-    c:\programdata\Citrix
2016-03-17 21:56 . 2016-03-17 21:56    --------    d-----w-    c:\users\Shari\AppData\Local\Citrix
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-18 22:37 . 2006-11-02 10:32    101376    ----a-w-    c:\windows\system32\ifxcardm.dll
2016-03-18 22:37 . 2006-11-02 10:32    79872    ----a-w-    c:\windows\system32\axaltocm.dll
2016-03-18 15:55 . 2014-08-03 21:05    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-03-23 13:36    770088    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-03 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-23 7139256]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"ShowWnd"="c:\windows\ShowWnd.exe" [2005-01-27 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-03 232184]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-02 153992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
"ModPS2"="c:\windows\ModPS2Key.exe" [2006-11-07 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-12-11 2750840]
"DT GWY"="c:\program files\Gateway\EzTune\DTHtml.exe" [2007-05-02 282624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-02 395656]
"Conime"="c:\windows\system32\conime.exe" [2006-11-02 68608]
"CHotkey"="c:\windows\zHotkey.exe" [2006-11-07 547840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2014-05-06 2234064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-3-13 537968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
mStart Page = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.10.10 10.1.10.5
FF - ProfilePath - c:\users\Shari\AppData\Roaming\Mozilla\Firefox\Profiles\0z89tbcs.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-03-24 08:16
Windows 6.0.6000  NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR02CA\4&2995a141&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR02CA\4&2995a141&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2995a141&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2995a141&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DEL7006\4&2995a141&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DEL7006\4&2995a141&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELE004\4&2995a141&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELE004\4&2995a141&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY0785\4&2995a141&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY0785\4&2995a141&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM0215\4&2995a141&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM0215\4&2995a141&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2016-03-24  08:17:56
ComboFix-quarantined-files.txt  2016-03-24 13:17
.
Pre-Run: 197,788,946,432 bytes free
Post-Run: 197,736,759,296 bytes free
.
- - End Of File - - BC3016F988AE037B592FD779F74819C6
5C616939100B85E558DA92B899A0FC36
 



#10 nasdaq

Posted 24 March 2016 - 09:39 AM

If problems persist, run this scan.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#11 jhoybs

Posted 24 March 2016 - 10:04 AM

Farbar Service Scanner Version: 27-01-2016
Ran by Shari (administrator) on 24-03-2016 at 10:02:26
Running from "C:\Users\Shari\Downloads"
Windows Vista ™ Home Premium  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
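A reviewer reading a Farbar Service Scanner log like the one above looks for services that are stopped or off their default start type, files that fail the signature check, and connectivity errors. The added example below (not part of the original post and not FSS's own code) extracts those from an excerpt of this log; the last File Check line and its verdict text are constructed for illustration, and treating any verdict other than "File is digitally signed" as needing review is an assumption.

```python
import re

# Excerpt of the Farbar Service Scanner log posted above, plus one
# constructed File Check line (marked) to exercise the "needs review" path.
SAMPLE_LOG = r"""Connection Status:
Localhost is accessible.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.

Windows Defender:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

File Check:
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Example\constructed.dll => CONSTRUCTED VERDICT, NOT REAL FSS OUTPUT
"""

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
STOPPED_RE = re.compile(r"(\S+) Service is not running")
FILE_RE = re.compile(r"^(.+?) => (.+)$")
SIGNED = "File is digitally signed"

def triage(log_text):
    """Return the log lines a reviewer should look at, grouped by kind."""
    out = {"not_running": [], "start_type": [], "files": [], "network": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := STOPPED_RE.match(line):
            out["not_running"].append(m.group(1))
        elif m := START_RE.match(line):
            service, current, default = m.groups()
            if current != default:  # only report deviations from the default
                out["start_type"].append((service, current, default))
        elif (m := FILE_RE.match(line)) and m.group(2) != SIGNED:
            out["files"].append(m.group(1))  # any verdict other than "signed"
        elif "unreachable" in line or "returned error" in line:
            out["network"].append(line)
    return out

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```
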



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:40 AM

Posted 24 March 2016 - 02:26 PM

Let's install the Vista Service Pack 2.

Navigate to this page.
http://windows.microsoft.com/en-ca/windows-vista/learn-how-to-install-windows-vista-service-pack-2-sp2
Learn how to install Windows Vista Service Pack 2 (SP2)

Read the instructions before proceeding.

===

Select
Manually installing SP2 using the Microsoft Download Center

In the comments you will see that you have to Save the installation file:

To install SP2 later, click Save to copy the installation file to your computer. When you're ready to install the service pack, open the file you copied to your computer.


Before you run the update, close all windows and programs and make sure your security programs are disabled.

When complete, enable the security programs.

Check the Microsoft Updates and let me know of any issues.

#13 jhoybs

jhoybs
  • Topic Starter

  • Members
  • 44 posts
  • Local time:02:40 AM

Posted 24 March 2016 - 04:27 PM

When I try to install SP2 manually, I get an error message that SP1 needs to be installed first.  When I try to install SP1 manually, I get a message that "the installation cannot proceed until your computer is restarted".  After I restart and try to install SP1 again, I get the same restart message.  I'm never able to install it...



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:40 AM

Posted 25 March 2016 - 06:24 AM

Try to install the SP1 in a Clean Boot environment.

How to.

https://support.microsoft.com/en-us/kb/929135

Read the instructions and proceed with the Vista option.

Then install the SP1.

I would suggest you start the computer in normal mode, instructions at the end of the topic.

If all is well then repeat the Clean boot and install the SP2.

Restart the computer in normal mode.

Run the Windows updates.

Let me know the outcome.

#15 jhoybs

jhoybs
  • Topic Starter

  • Members
  • 44 posts
  • Local time:02:40 AM

Posted 25 March 2016 - 01:40 PM

Well, I tried installing SP1 from a 'clean boot' environment using the downloaded service pack file.  Same error: "the installation cannot proceed until your computer is restarted" appears.

 

I also ran the Update Readiness Tool successfully, but with the same results on SP1.  I tried to do a 'sfc /scannow' at the cmd prompt in various places, but it basically states there "is a system repair pending which requires a reboot to complete".  





