Author Topic: [Resolved] A/V Scans hanging up  (Read 8217 times)

PGB
« on: August 30, 2015, 12:06:58 PM »
Have been here before -- you guys are tremendous!  Recently when manually running Microsoft Security Essentials or MalwareBytes, the scan hangs up and over an hour does not complete.  Is something not right in my system?


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2013 6:58:57 PM
System Uptime: 8/30/2015 1:58:17 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | Z87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz | SOCKET 1150 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 56.671 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 3663 GiB total, 807.738 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP296: 8/30/2015 11:14:22 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acronis True Image 2014
Adobe Acrobat Reader DC
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Refresh Manager
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Asmedia ASM106x SATA Host Controller Driver
Brother HL-5250DN
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
Citrix Online Launcher
Corel PaintShop Pro X6
Creative Content
CrystalDiskMark 3.0.2f
DC-Bass Source 1.3.0
Definition Update for Microsoft Office 2010 (KB3054979) 32-Bit Edition
DirectVobSub 2.40.4209
DirectXInstallService
DivX Setup
Dropbox
EMCGadgets64
ERUNT 1.1j
ffdshow
ffdshow v1.1.4399 [2012-03-22]
Fuze Meeting
FXCM MetaTrader 4
FXCM Trading Station
Google Chrome
Google Update Helper
GoToMeeting 7.2.4.3277
HL-5450DN
Hubb Client Data Manager
IBFX MT4
ICA
Integrated Investor
Intel(R) Management Engine Components
Intel(R) Network Connections 18.1.59.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPM_PSP_COM64
iSEEK AnswerWorks English Runtime
Java 8 Update 31
Java 8 Update 45
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LogMeIn
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Moyea FLV Player version 1.6.2.2
Mozilla Firefox 40.0.3 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpeed v5.4.5
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
Nitro Reader 3
OpenOffice 4.1.1
OpenSource Flash Video Splitter 1.0.0.5
PipStrider III
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPHelp
PSPPro64
Quicken 2012
Quicken 2015
Quicken WillMaker Plus 2012
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek High Definition Audio Driver
RealUpgrade 1.1
Replay Video Capture 7
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio RecordNow 10 Music Lab
Roxio Update Manager
Samsung Magician
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft Excel 2010 (KB3055044) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598244) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2863817) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3055033) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3054876) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3055039) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
SHARP MX/DX Series PCL/PS Printer Driver
Skype Click to Call
Skype™ 7.0
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
TeamViewer 9
thinkorswim
Top Producer Outlook Sync
Trade Navigator
TradeStation 9.1
TradeStation 9.5
TTM Squeeze 2.2
TTM Squeeze Radar 3.2
TTM Voodoo Lines
Update for Microsoft Access 2010 (KB2965300) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589282) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965296) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054962) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
UpdateService
VC_CRT_x64
VC80CRTRedist - 8.0.50727.6195
VD64Inst
VectorVest 7
Video Downloader
VisualTour Studio
VT Remote Support
VTTrader
WinPcap 4.1.3
Wisdom-soft ScreenHunter 6.0 Free
Xvid Video Codec
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
8/30/2015 2:47:18 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937  BrowserJavaVersion: 11.45.2
Run by Phyllis at 14:01:23 on 2015-08-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32706.28089 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\DllHost.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\proclaunch.exe
C:\Windows\System32\cscript.exe
c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\ffprobe.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.stevebrownsellshomes.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Dropbox Update] "C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRunOnce: [Application Restart #4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --win-jumplist-action=recently-closed --flag-switches-begin --flag-switches-end --restore-last-session https://www.topproducer8i.com/14.7000.07.00/Calendar/CalendarLanding.aspx?view_id=1&plDate=2015-04-29&assigned_to_id={01829190-3b47-4637-ad7c-4d1c1cbec748}
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tradestation.webex.com/client/T29LSP12/support/ieatgpc1.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{73BD1BBB-596A-4971-BC51-8CBFF9CB11DB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F381B6C9-5FF3-4264-99BD-7DB56032B7E3} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com 
x64-mSearch Page = hxxp://www.google.com 
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevebrownsellshomes.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\thinkorswim\npthinkorswim.dll
FF - plugin: C:\Program Files\thinkorswim\nptossc.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-11 116000]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-4 55024]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2015-3-11 25056]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-11 117024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-11 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-10-30 927232]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-11-12 118056]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-10-30 240584]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-10-24 417640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-11-12 72216]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-23 109272]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-23 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-23 1133880]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 124568]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-11-25 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-30 31856]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-13 5261584]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2015-3-11 307928]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-11 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-10-30 96768]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-10-30 496400]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-23 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-23 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 169432]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-6-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2015-3-11 1256192]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-17 442368]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-6-4 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-31 1255736]
.
=============== Created Last 30 ================
.
2015-08-30 17:58:41   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\offreg.200.dll
2015-08-30 15:39:01   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\offreg.1016.dll
2015-08-30 06:29:49   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\offreg.172.dll
2015-08-30 06:29:24   1190000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E05FFBB2-7FB3-4F9B-8F8C-79C050DE8D78}\gapaengine.dll
2015-08-30 06:29:14   11745192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\mpengine.dll
2015-08-29 20:45:59   11745192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-27 20:12:48   --------   d-----w-   C:\Program Files (x86)\TradeStation 9.5
2015-08-20 07:00:16   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-08-20 07:00:16   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-08-12 07:10:03   124624   ----a-w-   C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:10:03   103120   ----a-w-   C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
==================== Find3M  ====================
.
2015-08-30 17:59:31   113880   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-25 15:15:07   35688   ----a-w-   C:\Windows\System32\LMIport.dll
2015-08-25 15:15:07   122752   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2015-08-25 15:15:07   107368   ----a-w-   C:\Windows\System32\LMIinit.dll
2015-08-12 06:47:09   778440   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 06:47:09   142536   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57   2565120   ----a-w-   C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57   1648128   ----a-w-   C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57   1180160   ----a-w-   C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42   41984   ----a-w-   C:\Windows\System32\lpk.dll
2015-07-30 18:06:39   100864   ----a-w-   C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35   14336   ----a-w-   C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30   1987584   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30   1251328   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08   70656   ----a-w-   C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05   10240   ----a-w-   C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56   25600   ----a-w-   C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07   3208192   ----a-w-   C:\Windows\System32\win32k.sys
2015-07-30 16:52:53   372736   ----a-w-   C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55   299520   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44   17344   ----a-w-   C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53   774656   ----a-w-   C:\Windows\System32\invagent.dll
2015-07-28 20:05:50   743424   ----a-w-   C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47   437760   ----a-w-   C:\Windows\System32\devinv.dll
2015-07-28 20:05:45   1116672   ----a-w-   C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44   69120   ----a-w-   C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14   1148416   ----a-w-   C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45   98304   ----a-w-   C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45   3154944   ----a-w-   C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45   192000   ----a-w-   C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16   91136   ----a-w-   C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05   12288   ----a-w-   C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02   37376   ----a-w-   C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49   93184   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49   173056   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08   34816   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22   417792   ----a-w-   C:\Windows\System32\html.iec
2015-07-16 20:36:21   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00   5923328   ----a-w-   C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47   504320   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42   2427904   ----a-w-   C:\Windows\System32\wininet.dll
2015-07-16 19:12:39   4520448   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:12:29   856064   ----a-w-   C:\Windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12:29   53248   ----a-w-   C:\Windows\SysWow64\tsgqec.dll
2015-07-16 19:12:28   6131200   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2015-07-16 19:11:27   62976   ----a-w-   C:\Windows\System32\tsgqec.dll
2015-07-16 19:11:26   7077376   ----a-w-   C:\Windows\System32\mstscax.dll
2015-07-16 19:11:26   1057792   ----a-w-   C:\Windows\System32\rdvidcrl.dll
2015-07-16 19:06:06   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02   1951232   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-07-16 00:43:52   107392   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2015-07-15 18:15:12   5568960   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11   94656   ----a-w-   C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10   155584   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09   1730496   ----a-w-   C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14   243712   ----a-w-   C:\Windows\System32\wow64.dll
2015-07-15 18:11:14   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57   338432   ----a-w-   C:\Windows\System32\conhost.exe
2015-07-15 18:09:52   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45   3989952   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45   3934656   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24   1311768   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49   552960   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43   36864   ----a-w-   C:\Windows\SysWow64\cryptbase.dll
.
============= FINISH: 14:01:37.66 ===============
« Last Edit: August 30, 2015, 02:18:44 PM by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27138
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] A/V Scans hanging up
« Reply #1 on: August 30, 2015, 02:19:41 PM »
Hello it is Hoov again.

Are your scans hanging up on the same file?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #2 on: August 30, 2015, 02:57:15 PM »
Hello Hoov!  I don't know-- never looked for that.  Sorry, am not sophisticated in this arena!

Offline Hoov

Re: [In Progress] A/V Scans hanging up
« Reply #3 on: August 30, 2015, 05:23:58 PM »
Start Windows cleanly and run both scans again. Wait until the scans hang up and then look at the file they are on. Let me know both of the files they are on (after starting Windows normally again). Instructions for starting Windows cleanly are below.

To start Windows cleanly, go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab and, down near the bottom of the window, check the box that says Hide all Microsoft Services. Now go up and uncheck all the services still listed; make sure you scroll down the list if you need to, to unselect all the non-Microsoft services. Now click Apply, then click OK and reboot the computer.

Once you have figured out the file they are sticking on, run msconfig and select Normal startup, then click Apply, then OK, and reboot Windows.

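Added example (not part of the original posts and not DDS's own code): the service section of the DDS log posted at the top of this thread already names what the clean boot described above would switch off, and this sketch parses those lines and lists the auto-start, non-Microsoft entries. Reading the leading letter as running/stopped and the digit as the start type, restricting the result to auto-start services, and the path/name heuristic standing in for msconfig's "Hide all Microsoft Services" filter are assumptions.

```python
import re
from typing import List, NamedTuple

# Sample input: a few service lines taken from the DDS log in this thread.
SAMPLE_LOG = r"""
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
.
"""

# <state><start type> <service name>;<display name>;<image path> [<file date> <file size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# Assumption: the digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


class Service(NamedTuple):
    running: bool   # assumption: R = running, S = stopped when the log was taken
    start: str
    name: str
    display: str
    image: str      # image path, including any command-line arguments


def parse_services(log: str) -> List[Service]:
    """Return every driver/service line found; other log lines are skipped."""
    found = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section headers, "." separators, file listings
        found.append(Service(m["state"] == "R", START_TYPES[int(m["start"])],
                             m["name"].strip(), m["display"].strip(), m["image"]))
    return found


def looks_microsoft(svc: Service) -> bool:
    """Heuristic only: binary under C:\\Windows or 'Microsoft' in name or path."""
    image = svc.image.lower()
    return (image.startswith("c:\\windows\\")
            or "microsoft" in (svc.display + " " + image).lower())


def clean_boot_candidates(log: str) -> List[Service]:
    """Auto-start services that the clean-boot step would leave unchecked."""
    return [s for s in parse_services(log)
            if s.start == "auto" and not looks_microsoft(s)]
```

If scans complete under a clean boot but hang under a normal one, the names this returns are the short list to re-enable one at a time.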

Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #4 on: August 30, 2015, 06:42:12 PM »
Once I hid all Microsoft Services, MSE was no longer available for me to run in selective startup.  I ran the Malwarebytes Threat Scan.  It completed in 00:07:48, scanned 384,314 items, 0 threats detected.

Then I ran msconfig and selected normal startup, OK, rebooted; then ran MSE Full Scan.  It hung up at
c:\\Windows\Installer\c9c433.msp->PATCH_CAB
that was 00:15:14 into the scan, 1396472 items scanned.

I re-ran Malwarebytes in normal mode and it hung at
C:\USERS\PHYLLIS\APPDATA\LOCAL\TEMP\CitrixUpdates\GoToMeeting\2492\GMTranscoder.exe
Objects scanned: 90,916
Elapsed time: 00:20:41 ...the timer kept running, even though I hit PAUSE
Detected Objects: 0

Does this help?

Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #5 on: August 30, 2015, 07:26:04 PM »
I just tried MSE again.  It stopped running at Time elapsed: 00:15:10 and the green progress line is only 3/4 the way across. Shows Items Scanned: 1400557 and it stopped on Item: C:\Windows\Installer\$PatchCache$\Managed\0EE3A20E3911C454E895DBCF6ECEB722\9.5.0\Guid_  (cannot see any further to the right)

Does this help?

Offline Hoov

Re: [In Progress] A/V Scans hanging up
« Reply #6 on: August 30, 2015, 07:37:54 PM »
Kind of. It tells me that it is not a single file it is hanging up on, but there is something in Windows that is stopping the scan.

With Windows running normally, please download and install Speccy. Once that is done, then start it up. Once it is done analyzing, click on File and then on Save Snapshot. Save the snapshot to your desktop and then right click on it and select Send To and then Compressed (Zipped) Folder. I will send you a PM on what to do with the file.


Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #7 on: August 31, 2015, 06:09:28 PM »
Speccy file-- done!

Offline Hoov

Re: [In Progress] A/V Scans hanging up
« Reply #8 on: August 31, 2015, 06:35:58 PM »
It's not a heat problem, and you have plenty of space on your hard drives. Try running both scans again. Before you start them, open the Task Manager and make sure you have the Processes tab selected. Then click on the CPU column header to reorder the list according to the cycles used. Make sure the highest number of cycles is at the top. Now run the scans and, when they bog down, look and see what process is using the most cycles. Tell me anything using more than 20% (other than the two scanners).


Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #9 on: September 01, 2015, 07:09:47 AM »
In both cases, the only other process showing is System Idle Process (when I have the bottom left box "Show processes from all users" checked).  My understanding is that that shows the percentage of the processor that is idle.  Each of the A/V scans cuts out entirely after about 16 minutes, and the System Idle Process then goes up to 99.  If you want, I can record it all, so you can see the Windows Task Manager box and the scans the entire time they are running (I can record anything that shows on my screen using ReplayVideoCapture).  Would that help?

Offline Hoov

Re: [In Progress] A/V Scans hanging up
« Reply #10 on: September 02, 2015, 10:39:46 AM »
Don't worry about getting more, what you have told me is enough, even if it does not make sense.

Go to this page and run the instructions under method A


Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #11 on: September 02, 2015, 01:28:54 PM »
Chameleon ran from the first button; the MBAM scan took 00:05:22 to complete, scanned 385,290 items, 0 threats identified.
Rebooted, then ran MBAM again; scanned 386,221 items, 0 threats identified.

Disabled MBAM to run MSE Full scan (which I do not keep as real-time protection); Scan hung up at 00:15:49  Items scanned: 1407509   
Item:  C:\\Windows\Installer\c9c443.msp->PATCH_CAB   ???

Offline Hoov

Re: [In Progress] A/V Scans hanging up
« Reply #12 on: September 02, 2015, 03:22:15 PM »
Have you ever had other Antivirus scanners installed on this machine?


Offline PGB

Re: [In Progress] A/V Scans hanging up
« Reply #13 on: September 02, 2015, 05:56:07 PM »
Not that I recall.  I use SUPERAntiSpyware Free Edition EVERY time I get off Facebook, to remove the adware and trackers.  But that's all.  Have been using that for a long time.  Have had this problem with the A/V scans only recently.

Offline Hoov

Re: [In Progress] A/V Scans hanging up
« Reply #14 on: September 02, 2015, 06:05:46 PM »
A tad off topic, have you ever thought of using a program like Ghostery to block the cookies and trackers from even being put on your system?

Download Silent Runners.zip and extract it to a new folder on your Desktop.

    * Run the Silent Runners.vbs file.
    * You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
    * If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
    * This script is not malicious so please allow it.
    * A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
    * Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.


