Windows 7, Internet Email ONLY in Safe Mode [Closed]


  • This topic is locked

#1
everythingsm

  • Member
  • 171 posts

I run Windows 7, 32 bit

AVG/Paid, Malwarebytes/Paid, Spybot, CCleaner, TFC.exe - I ran all programs in Regular Mode (no detections). I ran all in Safe Mode (no detections). I looked in Startup and nothing abnormal.

I cannot get on to the Net (IE or Firefox will not show sites) or email, and some programs will not open or open very slowly in Normal Mode. All seems to work well in Safe Mode w/Networking. Thank you for your help; the OTL log is below. My computer takes over 5 mins to shut down; not sure if this problem relates to the first.

OTL logfile created on: 8/11/2014 5:28:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 73.19% Memory free
5.98 Gb Paging File | 5.29 Gb Available in Paging File | 88.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 42.64 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1431.45 Gb Free Space | 76.84% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 1254.43 Gb Free Space | 67.33% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/11 17:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2014/07/22 08:19:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/03 08:39:46 | 001,091,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\Framework\Common\avguix.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/22 10:37:00 | 031,842,816 | ---- | M] () -- C:\Program Files\AVG\Framework\Common\libcef.dll
MOD - [2014/07/22 08:19:47 | 003,800,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/07/22 08:19:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/14 12:26:08 | 001,858,360 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/07/10 15:34:10 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/07/10 15:32:46 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014/07/10 15:23:36 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/07/09 15:32:02 | 004,741,384 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2014/07/03 08:39:38 | 000,678,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\Framework\Common\avgsvcx.exe -- (avgsvc)
SRV - [2014/05/22 10:20:44 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/10 20:26:06 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/10 12:50:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Scott\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/08/11 17:05:15 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/23 08:44:54 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/06/17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/12 18:43:58 | 000,058,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2014/05/12 18:43:56 | 000,018,552 | ---- | M] (Emsisoft GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:58 | 000,074,456 | ---- | M] (Malwarebytes Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/12/04 19:23:36 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/09/30 18:23:02 | 000,038,248 | ---- | M] (Emsisoft GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2013/09/26 11:00:38 | 000,047,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2013/03/28 19:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/02/11 14:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2004/12/22 13:47:10 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8ED32383-468A-4A24-BDD3-1CF6EFCBCB5F}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 70 3E B2 1F 54 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{09533787-AE1B-4686-AD2C-648367BFEF2B}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{454575F2-C92B-4CBB-B1F6-3D04AC434B77}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{8ED32383-468A-4A24-BDD3-1CF6EFCBCB5F}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ [2014/05/31 07:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ [2014/05/31 07:13:34 | 000,000,000 | ---D | M]
 
[2014/04/10 16:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2014/07/24 09:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default\extensions
[2014/07/24 09:22:53 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/22 08:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/22 08:19:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/07/23 10:02:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgUi] C:\Program Files\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\spybot - search & destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6031F9-D42E-4882-9D5F-83F90B249A56}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/11 17:26:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2014/07/29 09:45:32 | 004,626,712 | ---- | C] (Piriform Ltd) -- C:\Users\Scott\Desktop\CCleaner.exe
[2014/07/23 13:13:43 | 000,036,152 | ---- | C] (AVG) -- C:\Windows\System32\TURegOpt.exe
[2014/07/23 13:13:40 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\System32\authuitu.dll
[2014/07/23 13:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2014/07/23 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\AVG
[2014/07/23 13:12:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/07/23 10:05:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/23 10:05:25 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
[2014/07/23 09:49:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/23 09:49:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/23 09:49:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/23 09:47:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/23 09:47:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/22 10:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
[2014/07/22 10:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
[2014/07/22 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\AvgSetupLog
[2014/07/22 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Avg
[2014/07/22 09:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/07/22 08:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/18 09:09:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/17 18:28:28 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/17 18:00:57 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/17 17:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Emsisoft
[2014/07/17 15:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014/07/17 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2014/07/14 22:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/11 17:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2014/08/11 17:05:15 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/11 16:44:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/11 16:44:45 | 2407,403,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/11 16:27:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/11 16:11:18 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/11 16:11:18 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/11 06:34:02 | 000,002,629 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
[2014/08/10 09:07:21 | 000,119,119 | ---- | M] () -- C:\Users\Scott\Desktop\1404.ForgedOriginsOfNewTestament.pdf
[2014/08/10 07:27:17 | 000,035,086 | ---- | M] () -- C:\Users\Scott\Desktop\EnochianAlpha.jpg
[2014/08/10 06:58:50 | 000,042,631 | ---- | M] () -- C:\Users\Scott\Desktop\tradition_rosicrucian_jesus2.gif
[2014/08/05 06:24:05 | 000,136,037 | ---- | M] () -- C:\Users\Scott\Desktop\nimrod.pdf
[2014/08/03 08:12:50 | 007,342,878 | ---- | M] () -- C:\Users\Scott\Desktop\Fossilized Customs.pdf
[2014/07/29 13:15:25 | 000,662,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/29 13:15:25 | 000,122,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/23 11:05:26 | 000,000,866 | ---- | M] () -- C:\Users\Scott\Desktop\AVG.lnk
[2014/07/23 10:02:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/07/23 09:54:16 | 004,626,712 | ---- | M] (Piriform Ltd) -- C:\Users\Scott\Desktop\CCleaner.exe
[2014/07/17 15:19:55 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/07/14 22:21:51 | 000,004,386 | ---- | M] () -- C:\Windows\System32\.crusader
[2014/07/14 12:26:14 | 000,036,152 | ---- | M] (AVG) -- C:\Windows\System32\TURegOpt.exe
[2014/07/14 12:26:06 | 000,025,400 | ---- | M] (AVG) -- C:\Windows\System32\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2014/08/10 09:07:17 | 000,119,119 | ---- | C] () -- C:\Users\Scott\Desktop\1404.ForgedOriginsOfNewTestament.pdf
[2014/08/10 07:27:17 | 000,035,086 | ---- | C] () -- C:\Users\Scott\Desktop\EnochianAlpha.jpg
[2014/08/10 06:58:43 | 000,042,631 | ---- | C] () -- C:\Users\Scott\Desktop\tradition_rosicrucian_jesus2.gif
[2014/08/05 06:23:55 | 000,136,037 | ---- | C] () -- C:\Users\Scott\Desktop\nimrod.pdf
[2014/07/23 13:13:31 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014/07/23 09:49:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/23 09:49:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/23 09:49:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/23 09:49:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/23 09:49:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/22 10:37:35 | 000,000,866 | ---- | C] () -- C:\Users\Scott\Desktop\AVG.lnk
[2014/07/17 15:19:55 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/07/14 22:21:51 | 000,004,386 | ---- | C] () -- C:\Windows\System32\.crusader
[2014/07/13 08:13:06 | 007,342,878 | ---- | C] () -- C:\Users\Scott\Desktop\Fossilized Customs.pdf
[2014/05/17 22:53:57 | 000,007,605 | ---- | C] () -- C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
[2014/05/14 08:20:37 | 000,089,136 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2014/04/11 06:19:22 | 000,000,455 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\dsf.dat
[2014/04/11 06:19:20 | 000,002,629 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
[2014/04/10 03:01:38 | 000,023,096 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2014/04/09 11:14:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/12/03 05:04:00 | 000,000,582 | ---- | C] () -- C:\Windows\System32\tx19_ic.ini
[2009/06/07 21:19:19 | 000,000,692 | ---- | C] () -- C:\Users\Scott\.plugin141_07.trace
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/07/23 13:13:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AVG
[2014/04/09 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AVG2014
[2014/04/11 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Thunderbird
[2014/04/09 11:50:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by everythingsm, 11 August 2014 - 07:12 PM.


#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi everythingsm,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

First, there should be an Extras.txt made when OTL ran. Can you see if that is on the same location as OTL and copy and paste that log file here?

Second, please download the following scanner and boot into normal mode; run the scan and then boot to Safe Mode with networking to copy and paste these logs here?

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things for your next reply (You can use more than one post if you want):
  • OTL Extra.txt log.
  • FRST.txt log text.
  • FRST Addition.txt log text.
  • Any questions you have? Any other symptoms you want to mention?
Thank you.

#3
everythingsm


I forgot to tell you I tried RESTORE and a message said it was not able to restore, timed out Error code 0x81000101. (EDIT: after this POST I now cannot get on the net or emails again in NORMAL MODE ???)

Here is what has happened since running the OTC in SAFE Mode. The other log is attached.

- I rebooted in Regular Mode and I was able to get on the net, emails, and programs were opening from my desktop. I thought maybe I ran CCleaner early as this problem seemed to occur (after downloading files from the net) and it grabbed a nasty file which stopped my access from the net, email etc. This morning I tried to run OTC again and the Windows Spin Circle would not go away and my desktop locked up. I could though get on the net and all else was well. I shut down, tried to run FRST from Desktop and again... Windows Spin Circle locked up my desktop and I could not run either program from Desktop.. had to reboot in Safe Mode Networking to give you FRST log. Seems like something hangs up and it takes a long time for the computer to shut down.

 

OTL Extras logfile created on: 8/11/2014 5:30:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.95% Memory free
5.98 Gb Paging File | 5.27 Gb Available in Paging File | 88.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 42.64 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1431.45 Gb Free Space | 76.84% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 1254.43 Gb Free Space | 67.33% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0536205F-D297-42C8-8932-CCB75EA7EC2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0911BA60-51B0-4545-A87A-4FE4120DCE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F942078-AE99-4F93-8B1F-92FD2DC9D233}" = lport=138 | protocol=17 | dir=in | app=system |
"{2909F608-F53F-4E85-8B60-3CF0C8602B50}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{4820ADA7-787C-4C38-9A1A-153EA70D86F8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BACF471-0611-4186-8C48-DF9347182432}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6074CD4C-B33F-44C3-9183-E1EBB4018243}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CB2EAB3-070B-4301-8B6D-6C9E04D5AC63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72FD5916-C8FF-45B3-A055-023B728D8A4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7881E06F-05DD-4CB7-9E87-D080210688FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{824009CD-C7CD-4066-9F01-3B8AE909B6E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{89AEB23C-F2BF-4305-8FBB-C865021CF988}" = rport=137 | protocol=17 | dir=out | app=system |
"{9782D89D-303D-4E0E-B37A-141ECF123022}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{99E7F8CB-76E1-4378-8564-D286DF25E6F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B2A7961-B768-4D77-87D5-D0BA76AADA7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A22A34B9-88BD-4B3E-A00C-0EB9B4CD2F92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8BBA9BF-6BE3-48F4-A66B-E5E33457D001}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C39D614D-5E88-40AC-A028-E2C20720311F}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB895A3E-8E45-4017-A031-7B2C46C1E5E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE5CA547-09D6-4041-887B-027587095605}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB7CD3E1-5289-4087-8057-F89308A44C83}" = lport=139 | protocol=6 | dir=in | app=system |
"{E38D368E-83FA-4418-BFBB-75DE709C8BA7}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7F4110C-00EE-4C26-9014-72EE841150E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{F54FFFD6-DA32-4111-87DA-AE1BC0C60EE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C86F93-E97C-4311-9A87-A0196BE953D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0805C4A4-0EEC-4F53-8519-ED09AF01112A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10FA7DD8-A030-4B60-8434-9CF2F0C8D178}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{155B7093-9DFB-452B-BFDA-FDE366668DD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{285D0949-1447-443F-A827-F9EC8E323A05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F573AEE-F547-4DFC-B3F7-DF85ADB12756}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{58505A7D-861B-4815-9145-3DBFE3F93770}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77B7E07F-B43D-4420-B60C-061BB0AE91A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{7F3A5279-10B8-4623-B6DA-01A09E96AEE8}" = protocol=58 | dir=out | [email protected],-28546 |
"{997432B6-1CAF-428E-AE90-4715B491E018}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9E5442DB-DADA-4152-939D-136AD30EEF32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A56DD711-E752-432E-BE8B-11D0129DFC3A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{A5DA766C-66B9-43AC-9DF8-308F6496E2E5}" = protocol=1 | dir=out | [email protected],-28544 |
"{A93F060F-0771-4EB6-86E8-FC7AC755986D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7274CD1-5C3D-4F9C-BB3A-096DA096E179}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B910E7E2-EF2A-4F73-9F42-94FEA14ED596}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBB41778-ED25-406A-99C7-49A35C787371}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEF43BDC-8A71-4411-A6F4-0325F37095C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{C039A8D8-D00B-4FEE-8E35-1C28F470C7AD}" = protocol=58 | dir=in | [email protected],-28545 |
"{CAA99D75-BCC4-4095-8823-28C6F496D4B2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{D372D014-1A79-4E01-B779-AC098E91E870}" = dir=in | app=c:\users\scott\appdata\local\microsoft\skydrive\skydrive.exe |
"{D3E6C43F-DD78-4EE9-A088-DB5694A6BD99}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{D5F5E354-F94F-4958-B466-6E0CBCBC7786}" = protocol=1 | dir=in | [email protected],-28543 |
"{E2F3F6DF-1B80-4708-87E1-DC8593BE1DCF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{E4DD189B-F81E-408E-8B20-0A9A897F6765}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{E9803095-F1D3-4C63-B62E-2C6AB8C043A9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F287A2F9-91C9-4E7C-BDC4-C7569CF8C9C8}" = protocol=6 | dir=out | app=system |
"{FD92EA84-115A-4037-AC0B-BD4EE6D11928}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE03778F-DE28-453D-A046-3F18CF1FFF16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{294B365B-32EF-49EE-99B3-A00558DC76E5}" = e-Sword
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3E322933-FA94-438E-AA1F-2F066B1CC46C}" = FMW 1
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1" = Emsisoft Anti-Malware
"{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1" = e-Sword Module Installer version .4
"{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}" = EZ-DUB
"{8CD86D42-C4DD-4E40-9211-164DFFBCA4DB}" = AVG PC TuneUp 2014 (en-US)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9716EA2F-5DC5-4ECB-AA7B-909457378877}" = AVG Zen
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A2F8F3F6-5AE8-4BE7-AE0E-9FA930C8EE90}" = AVG 2014
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9811F26-3EF6-449A-9736-BB79A125D894}" = AVG 2014
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1" = THE NAG HAMMADI LIBRARY.topx version 0
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F33C4D28-899A-4C3C-868B-9169A121528B}" = EZ-DUB Finder
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Advanced Scan to PDF Free_is1" = Advanced Scan to PDF Free 3.9.2
"AVG" = AVG 2014
"AVG PC TuneUp" = AVG PC TuneUp 2014
"AvgZen" = AVG
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}" = EZ-DUB Finder
"LiveUpdate" = LiveUpdate
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TVWiz" = Intel® TV Wizard
"VLC media player" = VLC media player 2.0.0
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACT! 2000" = ACT! 2000
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/11/2014 4:52:43 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program e-Sword.exe version 10.2.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1c94    Start
 Time: 01cfb5a5981d00e8    Termination Time: 16    Application Path: C:\Program Files\e-Sword\e-Sword.exe

Report
 Id: f9e46268-2198-11e4-8229-0024e80181a9  
 
Error - 8/11/2014 4:52:45 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program e-Sword.exe version 10.2.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1b4c    Start
 Time: 01cfb5a5e6bbf75c    Termination Time: 60000    Application Path: C:\Program Files\e-Sword\e-Sword.exe

Report
 Id: 4626e3ff-2199-11e4-8229-0024e80181a9  
 
Error - 8/11/2014 4:54:23 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program e-Sword.exe version 10.2.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1848    Start
 Time: 01cfb5a5e7355d89    Termination Time: 0    Application Path: C:\Program Files\e-Sword\e-Sword.exe

Report
 Id:   
 
Error - 8/11/2014 4:54:23 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program e-Sword.exe version 10.2.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1c88    Start
 Time: 01cfb5a5e6f779c2    Termination Time: 15    Application Path: C:\Program Files\e-Sword\e-Sword.exe

Report
 Id:   
 
Error - 8/11/2014 4:58:33 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program e-Sword.exe version 10.2.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1208    Start
 Time: 01cfb5a672ece25f    Termination Time: 16    Application Path: C:\Program Files\e-Sword\e-Sword.exe

Report
 Id: ca91d09d-2199-11e4-8229-0024e80181a9  
 
Error - 8/11/2014 5:14:44 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program SDUpdate.exe version 1.6.0.12 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2488    Start
 Time: 01cfb5a8b779dbb8    Termination Time: 31    Application Path: C:\Program Files\spybot
 - search & destroy\SDUpdate.exe    Report Id: 0ce462a1-219c-11e4-8229-0024e80181a9  
 
Error - 8/11/2014 5:37:41 PM | Computer Name = Scott-PC | Source = Application Hang | ID = 1002
Description = The program SDUpdate.exe version 1.6.0.12 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1f4c    Start
 Time: 01cfb5ac2c5a5e27    Termination Time: 60000    Application Path: C:\Program Files\spybot
 - search & destroy\SDUpdate.exe    Report Id: 8bfb7c38-219f-11e4-8229-0024e80181a9  
 
Error - 8/11/2014 6:15:49 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (An existing connection was forcibly
 closed by the remote host.)
 
Error - 8/11/2014 7:19:59 PM | Computer Name = Scott-PC | Source = System Restore | ID = 8200
Description =
 
Error - 8/11/2014 7:46:33 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 8/11/2014 8:20:53 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:22:59 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:22:59 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:22:59 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:27:59 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:27:59 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:27:59 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:30:07 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:30:07 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/11/2014 8:30:07 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-08-2014 01
Ran by Scott (administrator) on SCOTT-PC on 12-08-2014 11:30:47
Running from C:\Users\Scott\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Scott\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk
ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC703EB21F54CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = http://www.bing.com/...eferrer:source}
SearchScopes: HKCU - {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKCU - {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = http://search.yahoo....p={SearchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default
FF Homepage: https://www.ixquick.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default\user.js
FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [678416 2014-07-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
S1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 11:30 - 2014-08-12 11:30 - 00004781 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-08-12 11:17 - 2014-08-12 11:17 - 01091584 _____ (Farbar) C:\Users\Scott\Desktop\FRST(1).exe
2014-08-12 10:58 - 2014-08-12 10:58 - 01091584 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2014-08-11 18:45 - 2014-08-12 11:10 - 00000224 _____ () C:\Windows\setupact.log
2014-08-11 18:45 - 2014-08-11 18:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 18:14 - 2014-08-11 18:14 - 00027450 _____ () C:\Users\Scott\Documents\.txt
2014-08-11 17:31 - 2014-08-11 17:33 - 00047474 _____ () C:\Users\Scott\Desktop\Extras.Txt
2014-08-11 17:30 - 2014-08-11 17:32 - 00055508 _____ () C:\Users\Scott\Desktop\OTL.Txt
2014-08-11 17:30 - 2014-08-11 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Desktop\OTL.scr
2014-08-11 17:26 - 2014-08-11 17:26 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Desktop\OTL.exe
2014-08-05 12:06 - 2014-08-05 12:36 - 00001589 _____ () C:\Users\Scott\Desktop\Grownupshavechildren.txt
2014-07-29 09:45 - 2014-07-23 09:54 - 04626712 _____ (Piriform Ltd) C:\Users\Scott\Desktop\CCleaner.exe
2014-07-23 13:13 - 2014-07-23 13:13 - 00002161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-23 13:13 - 2014-07-23 13:13 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\AVG
2014-07-23 13:13 - 2014-07-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-23 13:13 - 2014-07-14 12:26 - 00036152 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-23 13:13 - 2014-07-14 12:26 - 00025400 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-23 13:12 - 2014-07-23 13:23 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-23 10:05 - 2014-07-23 10:05 - 00010842 _____ () C:\ComboFix.txt
2014-07-23 09:49 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-23 09:49 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-23 09:49 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-23 09:49 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-23 09:49 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-23 09:49 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-23 09:49 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-23 09:49 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-23 09:47 - 2014-07-23 10:05 - 00000000 ____D () C:\Qoobox
2014-07-23 09:47 - 2014-07-23 10:03 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:37 - 2014-07-23 11:05 - 00000866 _____ () C:\Users\Scott\Desktop\AVG.lnk
2014-07-22 10:36 - 2014-07-23 13:15 - 00000000 ____D () C:\ProgramData\Avg
2014-07-22 10:36 - 2014-07-23 13:13 - 00000000 ____D () C:\Users\Scott\AppData\Local\Avg
2014-07-22 10:36 - 2014-07-23 13:11 - 00000000 ____D () C:\Users\Scott\AppData\Local\AvgSetupLog
2014-07-22 10:35 - 2014-07-22 10:35 - 15212976 _____ (AVG Technologies) C:\Users\Scott\Downloads\avg_gsr_stb_all_291p1_44.exe
2014-07-22 09:26 - 2014-07-22 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-22 08:19 - 2014-07-22 08:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 09:09 - 2014-07-18 09:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-17 18:29 - 2014-07-17 18:30 - 00018056 _____ () C:\Users\Scott\Downloads\Addition.txt
2014-07-17 18:28 - 2014-08-12 11:30 - 00000000 ____D () C:\FRST
2014-07-17 18:28 - 2014-07-18 09:27 - 00027741 _____ () C:\Users\Scott\Downloads\FRST.txt
2014-07-17 18:00 - 2014-07-17 18:01 - 00000000 ____D () C:\EEK
2014-07-17 17:52 - 2014-07-17 17:53 - 215983336 _____ () C:\Users\Scott\Downloads\EmsisoftEmergencyKit.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-17 15:19 - 2014-08-12 11:11 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-17 15:19 - 2014-07-17 15:19 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-17 15:08 - 2014-07-17 15:12 - 222833152 _____ (Emsisoft GmbH ) C:\Users\Scott\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-14 22:21 - 2014-07-14 22:21 - 00004386 _____ () C:\Windows\system32\.crusader
2014-07-14 22:12 - 2014-07-14 22:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 22:11 - 2014-07-17 14:56 - 10279264 _____ (SurfRight B.V.) C:\Users\Scott\Downloads\HitmanPro.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 11:30 - 2014-08-12 11:30 - 00004781 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-08-12 11:30 - 2014-07-17 18:28 - 00000000 ____D () C:\FRST
2014-08-12 11:23 - 2014-04-09 10:56 - 02023604 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 11:18 - 2009-07-13 21:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 11:18 - 2009-07-13 21:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 11:17 - 2014-08-12 11:17 - 01091584 _____ (Farbar) C:\Users\Scott\Desktop\FRST(1).exe
2014-08-12 11:17 - 2014-04-09 11:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-12 11:11 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-08-12 11:11 - 2014-04-09 11:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 11:10 - 2014-08-11 18:45 - 00000224 _____ () C:\Windows\setupact.log
2014-08-12 11:10 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 10:58 - 2014-08-12 10:58 - 01091584 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2014-08-12 10:52 - 2014-04-09 14:28 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\vlc
2014-08-12 10:27 - 2014-04-10 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 06:43 - 2014-04-11 06:19 - 00002629 _____ () C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2014-08-11 18:45 - 2014-08-11 18:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 18:14 - 2014-08-11 18:14 - 00027450 _____ () C:\Users\Scott\Documents\.txt
2014-08-11 17:33 - 2014-08-11 17:31 - 00047474 _____ () C:\Users\Scott\Desktop\Extras.Txt
2014-08-11 17:32 - 2014-08-11 17:30 - 00055508 _____ () C:\Users\Scott\Desktop\OTL.Txt
2014-08-11 17:30 - 2014-08-11 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Desktop\OTL.scr
2014-08-11 17:26 - 2014-08-11 17:26 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Desktop\OTL.exe
2014-08-11 16:47 - 2014-04-13 13:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 09:38 - 2011-12-22 15:29 - 00000000 ____D () C:\Users\Scott\Desktop\Religious
2014-08-05 12:36 - 2014-08-05 12:06 - 00001589 _____ () C:\Users\Scott\Desktop\Grownupshavechildren.txt
2014-08-05 08:54 - 2014-04-23 08:09 - 00000000 ____D () C:\Users\Scott\AppData\Local\CutePDF Writer
2014-08-04 07:55 - 2014-04-25 06:09 - 00000000 ____D () C:\Windows\Minidump
2014-07-29 13:15 - 2010-11-20 14:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 09:49 - 2014-04-09 11:46 - 00000000 ____D () C:\Windows\Panther
2014-07-26 08:26 - 2013-04-12 11:50 - 00000000 ____D () C:\Users\Scott\Documents\e-Sword
2014-07-23 13:23 - 2014-07-23 13:12 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-23 13:23 - 2014-04-14 20:56 - 00000000 ____D () C:\Users\Scott\AppData\Local\Downloaded Installations
2014-07-23 13:23 - 2014-04-12 11:02 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2014-07-23 13:23 - 2014-04-09 13:05 - 00000000 ____D () C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2014-07-23 13:15 - 2014-07-22 10:36 - 00000000 ____D () C:\ProgramData\Avg
2014-07-23 13:13 - 2014-07-23 13:13 - 00002161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-07-23 13:13 - 2014-07-23 13:13 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\AVG
2014-07-23 13:13 - 2014-07-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-07-23 13:13 - 2014-07-22 10:36 - 00000000 ____D () C:\Users\Scott\AppData\Local\Avg
2014-07-23 13:13 - 2014-04-09 11:08 - 00000000 ____D () C:\Users\Scott\AppData\Local\VirtualStore
2014-07-23 13:12 - 2014-04-09 11:49 - 00000000 ____D () C:\Program Files\AVG
2014-07-23 13:11 - 2014-07-22 10:36 - 00000000 ____D () C:\Users\Scott\AppData\Local\AvgSetupLog
2014-07-23 11:05 - 2014-07-22 10:37 - 00000866 _____ () C:\Users\Scott\Desktop\AVG.lnk
2014-07-23 10:05 - 2014-07-23 10:05 - 00010842 _____ () C:\ComboFix.txt
2014-07-23 10:05 - 2014-07-23 09:47 - 00000000 ____D () C:\Qoobox
2014-07-23 10:05 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2014-07-23 10:05 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-07-23 10:03 - 2014-07-23 09:47 - 00000000 ____D () C:\Windows\erdnt
2014-07-23 10:02 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 09:54 - 2014-07-29 09:45 - 04626712 _____ (Piriform Ltd) C:\Users\Scott\Desktop\CCleaner.exe
2014-07-22 10:42 - 2014-07-22 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-22 10:41 - 2014-04-09 11:50 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-22 10:35 - 2014-07-22 10:35 - 15212976 _____ (AVG Technologies) C:\Users\Scott\Downloads\avg_gsr_stb_all_291p1_44.exe
2014-07-22 10:30 - 2014-04-10 16:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-22 08:19 - 2014-07-22 08:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 09:27 - 2014-07-17 18:28 - 00027741 _____ () C:\Users\Scott\Downloads\FRST.txt
2014-07-18 09:09 - 2014-07-18 09:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-17 18:30 - 2014-07-17 18:29 - 00018056 _____ () C:\Users\Scott\Downloads\Addition.txt
2014-07-17 18:01 - 2014-07-17 18:00 - 00000000 ____D () C:\EEK
2014-07-17 17:53 - 2014-07-17 17:52 - 215983336 _____ () C:\Users\Scott\Downloads\EmsisoftEmergencyKit.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-17 15:19 - 2014-07-17 15:19 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-17 15:12 - 2014-07-17 15:08 - 222833152 _____ (Emsisoft GmbH ) C:\Users\Scott\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-17 14:56 - 2014-07-14 22:11 - 10279264 _____ (SurfRight B.V.) C:\Users\Scott\Downloads\HitmanPro.exe
2014-07-14 22:22 - 2014-07-14 22:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 22:21 - 2014-07-14 22:21 - 00004386 _____ () C:\Windows\system32\.crusader
2014-07-14 12:26 - 2014-07-23 13:13 - 00036152 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-14 12:26 - 2014-07-23 13:13 - 00025400 _____ (AVG) C:\Windows\system32\authuitu.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 17:21

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-08-2014 01
Ran by Scott at 2014-08-12 11:46:58
Running from C:\Users\Scott\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
ACT! 2000 (HKCU\...\ACT! 2000) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.0.306 - AVG Technologies)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG Zen (Version: 1.0.306 - AVG Technologies) Hidden
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
EZ-DUB Finder (Version: 1.00.0722 - LiteON) Hidden
FMW 1 (Version: 1.0.222 - AVG Technologies) Hidden
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}) (Version: 10.0.0.68 - Apple Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

29-07-2014 22:52:18 Scheduled Checkpoint
06-08-2014 23:13:02 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2014-07-23 10:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2010-09-01] (Apple Inc.)
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2010-09-01] (Apple Inc.)
Task: {76892BC5-DD39-4476-A303-245CDC15CFE7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {F2FA7467-3EDF-4E2C-9E53-B5E9B9F81698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-22 08:19 - 2014-07-22 08:19 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 11:29:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 480: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/12/2014 11:11:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 11:02:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 372: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/12/2014 06:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2014 08:41:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2014 08:32:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 188: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/11/2014 06:46:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2014 04:46:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2014 04:19:59 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Scheduled Checkpoint).


System errors:
=============
Error: (08/12/2014 11:44:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:44:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:44:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:42:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:42:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:42:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:34:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3061.18 MB
Available physical RAM: 2424.75 MB
Total Pagefile: 6120.64 MB
Available Pagefile: 5534.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:41.98 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1431.45 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1254.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by everythingsm, 12 August 2014 - 01:25 PM.

#4
everythingsm

    Member

  • Topic Starter
  • 171 posts

At Shut Down ... long delay and message says TASK HOST waiting to shut down. I tried to run SYSTEM FILE CHECKER and COMMAND Prompt will not come up. I looked in my Processes Running and the 3 files listed would not allow me access (csrss.exe, winlogon.exe, consent.exe). I did some checking on consent.exe and read it may be malware or Windows & problem. Please help, I have not had a response in 24 hrs and no response to my logs. :no:

I did Diagnostic Startup and problems seem to go away if the below 2 items are not checked for start up. I also do not see winlogon.exe or consent.exe in the Task Manager during this mode of start up.

2 Items:

 

Intel® Common User Interface c/windows/systems32/hkcmd.exe

     "     "     igfxtray.exe

Microsoft Safety Scanner - Quick Scan found nothing in Safe Mode.

Every time I use Geeks I contribute to my helper.


Edited by everythingsm, 13 August 2014 - 01:11 PM.

#5
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Sorry about not replying earlier, everythingsm; it seems I did not get a notification that you had replied to this thread (I have now manually set that up so in the future it will not be a problem) until your PM.  Again, I apologize and will go over the logs now.


#6
everythingsm

Great TY ... I appreciate your acknowledgement TY... but when will you move forward with my logs? :yeah:

I'm traveling for biz tomorrow, at my machine today, will be gone tomorrow.. I just want to be near my machine when you can help me. I see you are all very very busy.


#7
dbreeze

Any fixes I have for you have to be approved by a Teacher before I can send them to you / have you do them. 

 

We are fighting a "time zone" problem here; I know I can't get the approvals until late tonight.  If you do not need the computer for your trip, I would suggest that you not worry about this for now, get your business trip done and we can have you fixed on Friday.  Does that work for you?


#8
everythingsm

Sorry I asked abt the logs after your message! I was working on another system and didn't read your message correctly. TY for the time info. I will be back at my troubled system Thursday 8/14 at 1:00PM Pacific. So if you can send me your next correspondence late night I will move forward at that time .. and hopefully finish on Fri :smashcomp: (I will be at my system all day and watching for your availability on Fri).

TY very much for letting me know abt your approval process and the timing. It's very helpful! :D


#9
dbreeze

First thing that we can do to help with this investigation is a "clean boot" of the system.  This will let us know if there is anything in the OS that is not working properly and then we will have a starting point.

 

The steps for doing a "Clean Boot" for Windows 7 can be found in this Microsoft KB article here.  When you restart the system just let it boot into "normal" mode and then see if you have access to the network / email works / system shuts down without hanging.  The article also tells you how to undo the changes to enable a regular boot.  Let us know the results when you can.


#10
everythingsm

I ran CLEAN BOOT. All ran well, picture attached of Task Manager & System Config with CLEAN Boot. No consent.exe.. all runs well. Attachment CLEAN BOOT & SYSTEM CONFIG.

CLEAN BOOT: 2 Items not marked to START.

2 Items:

Intel® Common User Interface c/windows/systems32/hkcmd.exe

     "     "     igfxtray.exe

When I do NORMAL BOOT and all launches I can get on the Net, emails sometimes, but programs freeze on my Desktop. Once the programs freeze on my desktop, I can't get on the Net and so on. I can not then adjust msconfig, the computer freezes and can not be turned off by SHUT DOWN. I must turn the POWER OFF. Then it hangs for 5-7 minutes unless I hit the power again to turn it off. MESSAGE pops up TOO MANY FILES in 16 bit PROGRAM... all I can make out but there was more. I'm no pro at this obviously but once the 2 items above are STARTED it looks like consent.exe comes back and then bad news. Could drivers have been changed by malware or virus?

 

Attachment PROBLEMS

Attached Thumbnails

  • CleanBoot.JPG
  • SystemConfig2OFF.JPG
  • Problem.JPG

Edited by everythingsm, 13 August 2014 - 03:49 PM.

#11
dbreeze

Let's try this to see if the system will run only Microsoft processes.

Clean Boot - Windows 7 & Vista

  • Log on to the computer by using an account that has administrator rights.
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
    Note If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  • On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
  • On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all. You must do these 3 steps in their entirety so that all services other than Microsoft OS services are not running on the next start of your system.
    Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  • Click OK, and then click Restart.

Once the system has restarted, please Snip a picture of the Task Manager, save the picture and then post it here for review. You should be able to get to the Internet in the Clean Boot mode but if you do not want to do so due to no AV running, I understand.


#12
everythingsm

So you want me to lose all of my RESTORE Points at this time?

Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points

Is there anything on my logs? I will take your direction and I'm not telling you how to drive but can you determine anything from what I've already done with RESTARTS/Screen Shots and LOGS. What happens if I do this and I have the same problem? Please give me an idea of what you may think before I delete my RESTORE POINTS to TRY SOMETHING.


#13
dbreeze

You missed one of the steps in the instructions (or actually, the instructions need to be clearer in their description of what is happening behind the scenes).

 

On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all. You must do these 3 steps in their entirety so that all services other than Microsoft OS services are not running on the next start of your system.

 

Step1 - Go to Services tab

Step2 - select Hide all Microsoft services check box (by selecting this box, all the Microsoft services will be filtered out of the list so that they are not affected; sorry, I should have made this clearer from the beginning)

Step3 - Now click Disable All (but actually this should say "Disable All That Are Listed" - the filtered out Microsoft Services will still be as they were before; that is, if they were enabled to start and run with a boot then they will still be enabled and will run).

 

What I am seeing in your log(s) is some conflicts that this test will show what direction to go in.  And I do not want us to lose the restore points at all; if you Hide all Microsoft services first, then the Restore Points will not be removed and we should be good to go.

 

Once you have made the screen shot I asked for, you can start msconfig.exe once again and select Normal Startup on the main screen, Ok and restart the system.


  • 0
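
A read-only inventory of what the two msconfig steps in the posts above act on (automatic-start services that do not identify as Microsoft, plus startup items), as an added example that is not part of the original thread. The helper name `Get-ServiceBinaryPath`, the CSV file names and the CompanyName-based filter are assumptions of this example; the page does not say how msconfig itself decides what counts as a Microsoft service.

```powershell
# Added example (read-only): inventory what a Windows 7 clean boot will disable.
# Assumption: "non-Microsoft" is judged by the file's CompanyName version
# resource, which is self-declared metadata and not a signature check.

function Get-ServiceBinaryPath {          # hypothetical helper name
    param([string]$PathName)
    # Win32_Service.PathName may be quoted, carry arguments, or use a \??\ prefix.
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^"([^"]+)"')        { return $matches[1] }
    if ($p -match '^(.+?\.exe)(\s|$)') { return $matches[1] }
    return $p
}

# Services tab: automatic-start services whose binary does not claim Microsoft.
$services = Get-WmiObject Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $bin = Get-ServiceBinaryPath $_.PathName
        $company = '(binary not found)'
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            $company = [Diagnostics.FileVersionInfo]::GetVersionInfo($bin).CompanyName
        }
        New-Object PSObject -Property @{
            Name = $_.Name; State = $_.State; Company = $company; Binary = $bin
        }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object Name |
    Select-Object Name, State, Company, Binary

# General tab ("Load startup items"): Run keys and Startup-folder entries.
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object Caption, Command, Location, User

$services | Format-Table -AutoSize -Wrap
$startup  | Format-Table -AutoSize -Wrap

# Keep a copy to compare against after returning to Normal startup.
$out = Join-Path $env:USERPROFILE 'Desktop'   # constructed output location
$services | Export-Csv -NoTypeInformation (Join-Path $out 'cleanboot-services.csv')
$startup  | Export-Csv -NoTypeInformation (Join-Path $out 'cleanboot-startup.csv')
```

Services hosted in svchost.exe report Microsoft as the company whatever DLL they load, so a third-party service DLL hosted there will not appear in this list.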

#14
everythingsm

Thanks, did not want to take a chance with RESTORE. I tried to RESTORE, timed out earlier and thought this may be caused by my prob?

I did REBOOT per instruction. The first picture is RIGHT after the REBOOT. All went well (you will see the screen and not consent.exe). Then I went on the Net once then got off. Tried to msconfig.exe at START UP then I can't type in area. I took another screen at that time. The 2nd screen shows the consent.exe. I could not log off and had to use power button. Same message came up, too fast to read. It looked like the 16 bit earlier MESSAGE. Rebooted REGULAR, still could not type in msconfig. I had to REBOOT in SAFE MODE to send this message.

14jpg = 1st Reboot

13consent = After I went on Net after REBOOT then could not type or log off.

Attached Thumbnails

  • 14.JPG
  • 13consent.JPG

#15
dbreeze

What setting do you use on UAC? 

 

Is the User account you usually sign into an Administrator account?

