SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Topic started by: PGB on August 30, 2015, 12:06:58 PM

Title: [Resolved] A/V Scans hanging up
Post by: PGB on August 30, 2015, 12:06:58 PM
Have been here before -- you guys are tremendous!  Recently when manually running Microsoft Security Essentials or MalwareBytes, the scan hangs up and over an hour does not complete.  Is something not right in my system?


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2013 6:58:57 PM
System Uptime: 8/30/2015 1:58:17 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | Z87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz | SOCKET 1150 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 56.671 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 3663 GiB total, 807.738 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP296: 8/30/2015 11:14:22 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acronis True Image 2014
Adobe Acrobat Reader DC
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Refresh Manager
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Asmedia ASM106x SATA Host Controller Driver
Brother HL-5250DN
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
Citrix Online Launcher
Corel PaintShop Pro X6
Creative Content
CrystalDiskMark 3.0.2f
DC-Bass Source 1.3.0
Definition Update for Microsoft Office 2010 (KB3054979) 32-Bit Edition
DirectVobSub 2.40.4209
DirectXInstallService
DivX Setup
Dropbox
EMCGadgets64
ERUNT 1.1j
ffdshow
ffdshow v1.1.4399 [2012-03-22]
Fuze Meeting
FXCM MetaTrader 4
FXCM Trading Station
Google Chrome
Google Update Helper
GoToMeeting 7.2.4.3277
HL-5450DN
Hubb Client Data Manager
IBFX MT4
ICA
Integrated Investor
Intel(R) Management Engine Components
Intel(R) Network Connections 18.1.59.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPM_PSP_COM64
iSEEK AnswerWorks English Runtime
Java 8 Update 31
Java 8 Update 45
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LogMeIn
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Moyea FLV Player version 1.6.2.2
Mozilla Firefox 40.0.3 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpeed v5.4.5
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
Nitro Reader 3
OpenOffice 4.1.1
OpenSource Flash Video Splitter 1.0.0.5
PipStrider III
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPHelp
PSPPro64
Quicken 2012
Quicken 2015
Quicken WillMaker Plus 2012
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek High Definition Audio Driver
RealUpgrade 1.1
Replay Video Capture 7
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio RecordNow 10 Music Lab
Roxio Update Manager
Samsung Magician
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft Excel 2010 (KB3055044) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598244) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2863817) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3055033) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3054876) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3055039) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
SHARP MX/DX Series PCL/PS Printer Driver
Skype Click to Call
Skype™ 7.0
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
TeamViewer 9
thinkorswim
Top Producer Outlook Sync
Trade Navigator
TradeStation 9.1
TradeStation 9.5
TTM Squeeze 2.2
TTM Squeeze Radar 3.2
TTM Voodoo Lines
Update for Microsoft Access 2010 (KB2965300) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589282) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965296) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054962) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3055041) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
UpdateService
VC_CRT_x64
VC80CRTRedist - 8.0.50727.6195
VD64Inst
VectorVest 7
Video Downloader
VisualTour Studio
VT Remote Support
VTTrader
WinPcap 4.1.3
Wisdom-soft ScreenHunter 6.0 Free
Xvid Video Codec
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
8/30/2015 2:47:18 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937  BrowserJavaVersion: 11.45.2
Run by Phyllis at 14:01:23 on 2015-08-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32706.28089 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\DllHost.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\proclaunch.exe
C:\Windows\System32\cscript.exe
c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\ffprobe.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.stevebrownsellshomes.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Dropbox Update] "C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRunOnce: [Application Restart #4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --win-jumplist-action=recently-closed --flag-switches-begin --flag-switches-end --restore-last-session https://www.topproducer8i.com/14.7000.07.00/Calendar/CalendarLanding.aspx?view_id=1&plDate=2015-04-29&assigned_to_id={01829190-3b47-4637-ad7c-4d1c1cbec748}
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tradestation.webex.com/client/T29LSP12/support/ieatgpc1.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{73BD1BBB-596A-4971-BC51-8CBFF9CB11DB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F381B6C9-5FF3-4264-99BD-7DB56032B7E3} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com 
x64-mSearch Page = hxxp://www.google.com 
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevebrownsellshomes.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\thinkorswim\npthinkorswim.dll
FF - plugin: C:\Program Files\thinkorswim\nptossc.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-11 116000]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-4 55024]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2015-3-11 25056]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-11 117024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-11 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-10-30 927232]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-11-12 118056]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-10-30 240584]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-10-24 417640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-11-12 72216]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-23 109272]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-23 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-23 1133880]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 124568]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-11-25 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-30 31856]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-13 5261584]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2015-3-11 307928]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-11 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-10-30 96768]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-10-30 496400]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-23 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-23 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 169432]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-6-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2015-3-11 1256192]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-17 442368]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-6-4 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-31 1255736]
.
=============== Created Last 30 ================
.
2015-08-30 17:58:41   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\offreg.200.dll
2015-08-30 15:39:01   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\offreg.1016.dll
2015-08-30 06:29:49   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\offreg.172.dll
2015-08-30 06:29:24   1190000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E05FFBB2-7FB3-4F9B-8F8C-79C050DE8D78}\gapaengine.dll
2015-08-30 06:29:14   11745192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E4EDB35-1E1A-4722-B958-319DEC694D6B}\mpengine.dll
2015-08-29 20:45:59   11745192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-27 20:12:48   --------   d-----w-   C:\Program Files (x86)\TradeStation 9.5
2015-08-20 07:00:16   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-08-20 07:00:16   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-08-12 07:10:03   124624   ----a-w-   C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:10:03   103120   ----a-w-   C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
==================== Find3M  ====================
.
2015-08-30 17:59:31   113880   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-25 15:15:07   35688   ----a-w-   C:\Windows\System32\LMIport.dll
2015-08-25 15:15:07   122752   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2015-08-25 15:15:07   107368   ----a-w-   C:\Windows\System32\LMIinit.dll
2015-08-12 06:47:09   778440   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 06:47:09   142536   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57   2565120   ----a-w-   C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57   1648128   ----a-w-   C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57   1180160   ----a-w-   C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42   41984   ----a-w-   C:\Windows\System32\lpk.dll
2015-07-30 18:06:39   100864   ----a-w-   C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35   14336   ----a-w-   C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30   1987584   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30   1251328   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08   70656   ----a-w-   C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05   10240   ----a-w-   C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56   25600   ----a-w-   C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07   3208192   ----a-w-   C:\Windows\System32\win32k.sys
2015-07-30 16:52:53   372736   ----a-w-   C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55   299520   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44   17344   ----a-w-   C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53   774656   ----a-w-   C:\Windows\System32\invagent.dll
2015-07-28 20:05:50   743424   ----a-w-   C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47   437760   ----a-w-   C:\Windows\System32\devinv.dll
2015-07-28 20:05:45   1116672   ----a-w-   C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44   69120   ----a-w-   C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14   1148416   ----a-w-   C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45   98304   ----a-w-   C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45   3154944   ----a-w-   C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45   192000   ----a-w-   C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16   91136   ----a-w-   C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05   12288   ----a-w-   C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02   37376   ----a-w-   C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49   93184   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49   173056   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08   34816   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22   417792   ----a-w-   C:\Windows\System32\html.iec
2015-07-16 20:36:21   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00   5923328   ----a-w-   C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47   504320   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42   2427904   ----a-w-   C:\Windows\System32\wininet.dll
2015-07-16 19:12:39   4520448   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:12:29   856064   ----a-w-   C:\Windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12:29   53248   ----a-w-   C:\Windows\SysWow64\tsgqec.dll
2015-07-16 19:12:28   6131200   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2015-07-16 19:11:27   62976   ----a-w-   C:\Windows\System32\tsgqec.dll
2015-07-16 19:11:26   7077376   ----a-w-   C:\Windows\System32\mstscax.dll
2015-07-16 19:11:26   1057792   ----a-w-   C:\Windows\System32\rdvidcrl.dll
2015-07-16 19:06:06   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02   1951232   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-07-16 00:43:52   107392   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2015-07-15 18:15:12   5568960   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11   94656   ----a-w-   C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10   155584   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09   1730496   ----a-w-   C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14   243712   ----a-w-   C:\Windows\System32\wow64.dll
2015-07-15 18:11:14   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57   338432   ----a-w-   C:\Windows\System32\conhost.exe
2015-07-15 18:09:52   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45   3989952   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45   3934656   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24   1311768   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49   552960   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43   36864   ----a-w-   C:\Windows\SysWow64\cryptbase.dll
.
============= FINISH: 14:01:37.66 ===============
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on August 30, 2015, 02:19:41 PM
Hello it is Hoov again.

Are your scans hanging up on the same file?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on August 30, 2015, 02:57:15 PM
Hello Hoov!  I don't know-- never looked for that.  Sorry, am not sophisticated in this arena!
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on August 30, 2015, 05:23:58 PM
Start Windows cleanly and run both scans again. Wait until the scans hang up and then look at the file they are on. Let me know both of the files they are on (after starting Windows normally again). Instructions for starting Windows cleanly are below.

To start Windows cleanly, go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab and, down near the bottom of the window, check the box that says Hide all Microsoft services. Now go up and uncheck all the services still listed; make sure you scroll down the list if you need to, to unselect all the non-Microsoft services. Now click Apply, then click OK and reboot the computer.

Once you have figured out the file they are sticking on, run msconfig and select Normal startup, then click Apply, then OK, and reboot Windows.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on August 30, 2015, 06:42:12 PM
Once I hid all Microsoft Services, MSE was no longer available for me to run in selective startup.  I ran the Malwarebytes Threat Scan.  It completed in 00:07:48, scanned 384,314 items, 0 threats detected.

Then I ran msconfig and selected normal startup, OK, rebooted; then ran MSE Full Scan.  It hung up at
c:\\Windows\Installer\c9c433.msp->PATCH_CAB
that was 00:15:14 into the scan, 1396472 items scanned.

I re-ran Malwarebytes in normal mode and it hung at
C:USERS\PHYLLIS\APPDATA\LOCAL\TEMP|CitrixUpdates\GoToMeeting\2492\GMTranscoder.exe
Objects scanned:90,916
Elapsed time: 00:20:41 ...the timer kept running, even though I hit PAUSE
Detected Objects: 0

Does this help?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on August 30, 2015, 07:26:04 PM
I just tried MSE again.  It stopped running at Time elapsed: 00:15:10 and the green progress line is only 3/4 of the way across. Shows Items Scanned: 1400557 and it stopped on Item: C:\Windows\Installer\$PatchCache$\Managed\0EE3A20E3911C454E895DBCF6ECEB722\9.5.0\Guid_  (cannot see any further to the right)

Does this help?
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on August 30, 2015, 07:37:54 PM
Kind of. It tells me that it is not a single file it is hanging up on, but there is something in Windows that is stopping the scan.

With Windows running normally, please download and install Speccy (http://www.piriform.com/speccy). Once that is done, start it up. Once it is done analyzing, click on File and then on Save Snapshot. Save the snapshot to your desktop and then right click on it and select Send To and then Compressed (Zipped) Folder. I will send you a PM on what to do with the file.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on August 31, 2015, 06:09:28 PM
Speccy file-- done!
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on August 31, 2015, 06:35:58 PM
It's not a heat problem, and you have plenty of space on your hard drives. Try running both scans again. Before you start them, open the Task Manager and make sure you have the Processes tab selected. Then click on the CPU column header to reorder the list according to the cycles used. Make sure the highest number of cycles is at the top. Now run the scans and when they bog down, look and see what process is using the most cycles. Tell me anything using more than 20% (other than the two scanners).
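A scripted equivalent of the Task Manager check described in the post above, as an added example that is not part of the original thread. The scanner process names in $Exclude (msmpeng for Microsoft Security Essentials, mbam and mbamservice for Malwarebytes) and the sampling settings are assumptions; adjust them to what Task Manager shows on the machine.

```powershell
# Added example: sample per-process CPU while an A/V scan runs and report
# anything above the 20% threshold from the post, excluding the scanners.
$ThresholdPercent = 20     # threshold named in the post
$SampleSeconds    = 5      # length of each sample (assumption)
$Samples          = 12     # 12 x 5 s = one minute of observation (assumption)

# Instance names are lower case in the counter data. Scanner names are assumptions.
$Exclude = @('_total', 'idle', 'msmpeng', 'mbam', 'mbamservice')

# Task Manager shows CPU as a share of all logical processors; the raw counter
# is per core (0 to 100 times the core count), so normalise by the core count.
$Cores = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors

for ($i = 1; $i -le $Samples; $i++) {
    # Processes that exit mid-sample raise non-terminating errors; ignore them.
    $set = Get-Counter -Counter '\Process(*)\% Processor Time' `
                       -SampleInterval $SampleSeconds -ErrorAction SilentlyContinue
    $stamp = Get-Date -Format 'HH:mm:ss'

    # Share of the CPU that is idle, for comparison with "System Idle Process".
    $idle = $set.CounterSamples | Where-Object { $_.InstanceName -eq 'idle' } |
        ForEach-Object { [math]::Round($_.CookedValue / $Cores, 1) }

    $busy = $set.CounterSamples |
        Where-Object { $Exclude -notcontains $_.InstanceName } |
        Select-Object @{n='Process';    e={ $_.InstanceName }},
                      @{n='CpuPercent'; e={ [math]::Round($_.CookedValue / $Cores, 1) }} |
        Where-Object { $_.CpuPercent -gt $ThresholdPercent } |
        Sort-Object CpuPercent -Descending

    if ($busy) {
        $busy | ForEach-Object { '{0}  {1,-30} {2,5}%' -f $stamp, $_.Process, $_.CpuPercent }
    } else {
        "$stamp  nothing above $ThresholdPercent% besides the scanners (idle: $idle%)"
    }
}
```

Start it from a PowerShell window just before launching the scan; a run of "nothing above 20%" lines with a high idle figure means the scan is waiting on something rather than competing for CPU.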
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 01, 2015, 07:09:47 AM
In both cases, the only other process showing is System Idle Process (when I have the bottom left box "Show processes from all users" checked).  My understanding is that that shows the percentage of the processor that is idle.  Each of the A/V scans cuts out entirely after about 16 minutes, and the System Idle Process then goes up to 99.  If you want, I can record it all, so you can see the Windows Task Manager box and the scans the entire time they are running (I can record anything that shows on my screen using ReplayVideoCapture).  Would that help?
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 02, 2015, 10:39:46 AM
Don't worry about getting more; what you have told me is enough, even if it does not make sense.

Go to this page (https://support.malwarebytes.org/customer/portal/articles/1833358-how-do-i-use-malwarebytes-chameleon-to-run-malwarebytes-anti-malware-on-an-infected-system-?b_id=6447) and run the instructions under method A.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 02, 2015, 01:28:54 PM
Chameleon ran from the first button; the MBAM scan took 00:05:22 to complete, scanned 385,290 items, 0 threats identified.
Rebooted, then ran MBAM again; scanned 386,221 items, 0 threats identified. :t

Disabled MBAM to run MSE Full scan (which I do not keep as real-time protection); Scan hung up at 00:15:49  Items scanned: 1407509   
Item:  C:\\Windows\Installer\c9c443.msp->PATCH_CAB   ???
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 02, 2015, 03:22:15 PM
Have you ever had other Antivirus scanners installed on this machine?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 02, 2015, 05:56:07 PM
Not that I recall.  I use SUPERAntiSpyware Free Edition EVERY time I get off Facebook, to remove the adware and trackers.  But that's all.  Have been using that for a long time.  Have had this problem with the A/V scans only recently.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 02, 2015, 06:05:46 PM
A tad off topic: have you ever thought of using a program like Ghostery to block the cookies and trackers from even being put on your system?

Download Silent Runners.zip (http://www.silentrunners.org/Silent%20Runners.zip) and extract it to a new folder on your Desktop.

    * Run the Silent Runners.vbs file.
    * You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
    * If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
    * This script is not malicious so please allow it.
    * A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
    * Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.


Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 02, 2015, 06:49:04 PM
Had never heard of it before.  Will check it out.

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Professional Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [SUPERAntiSpyware]
RESTART_STICKY_NOTES = C:\Windows\System32\StikyNot.exe [MS]
Dropbox Update = "C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
Application Restart #4 = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --win-jumplist-action=recently-closed --flag-switches-begin --flag-switches-end --restore-last-session https://www.topproducer8i.com/14.7000.07.00/Calendar/CalendarLanding.aspx?view_id=1&plDate=2015-04-29&assigned_to_id={01829190-3b47-4637-ad7c-4d1c1cbec748} [Google Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor]
RtHDVBg_DTS = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P [Realtek Semiconductor]
Persistence = "C:\Windows\system32\igfxpers.exe" [Intel Corporation]
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
LogMeIn GUI = "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [LogMeIn, Inc.]
IgfxTray = "C:\Windows\system32\igfxtray.exe" [Intel Corporation]
IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
HotKeysCmds = "C:\Windows\system32\hkcmd.exe" [Intel Corporation]
Acronis Scheduler2 Service = "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [Acronis]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
(Default) = (empty string) [file not found]
USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
TrueImageMonitor.exe = "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [Acronis]
TkBellExe = "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot [RealNetworks, Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
RoxWatchTray = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [Sonic Solutions]
RealDownloader = C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [null data]
DivXUpdate = "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [null data]
DivXMediaServer = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [DivX, LLC]
BrStsMon00 = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [Brother Industries, Ltd.]
AcronisTibMounterMonitor = C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [Acronis International GmbH]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = RealNetworks Download and Record Plugin for Internet Explorer
                   \InProcServer32\(Default) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [RealDownloader]
  -> {HKLM...Wow...CLSID} = RealNetworks Download and Record Plugin for Internet Explorer
                         \InProcServer32\(Default) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [RealDownloader]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
  -> {HKLM...CLSID} = Skype Click to Call for Internet Explorer
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS]
  -> {HKLM...Wow...CLSID} = Skype Click to Call for Internet Explorer
                         \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = RealNetworks Download and Record Plugin for Internet Explorer
                   \InProcServer32\(Default) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [RealDownloader]
  -> {HKLM...Wow...CLSID} = RealNetworks Download and Record Plugin for Internet Explorer
                         \InProcServer32\(Default) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [RealDownloader]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
  -> {HKLM...CLSID} = Skype Click to Call for Internet Explorer
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS]
  -> {HKLM...Wow...CLSID} = Skype Click to Call for Internet Explorer
                         \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

 DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt1 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt2 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt3\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt5 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt4\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt6 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt5\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt3 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt6\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt7 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt7\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt4 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

 DropboxExt8\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt8 Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]

AcronisSyncError\(Default) = {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]

AcronisSyncInProgress\(Default) = {00F848DC-B1D4-4892-9C25-CAADC86A215D}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]

AcronisSyncOk\(Default) = {71573297-552E-46fc-BE3D-3DFAF88D47B7}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

 DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt1 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt2 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt3\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt5 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt4\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt6 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt5\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt3 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt6\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt7 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt7\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt4 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

 DropboxExt8\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt8 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt1 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt2 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt3 Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM...CLSID} = DisplayCplExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = c:\PROGRA~1\MICROS~1\shellext.dll [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM...CLSID} = Enterprise Projects
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = RXDCExtShlExt extension
  -> {HKLM...CLSID} = RXDCExtShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]

{C539A15A-3AF9-4c92-B771-50CB78F5C751} = Acronis True Image Shell Context Menu Extension
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]

{C539A15B-3AF9-4c92-B771-50CB78F5C751} = Acronis True Image Shell Extension
  -> {HKLM...CLSID} = Acronis Secure Zone
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
  -> {HKLM...CLSID} = OpenOffice Property Handler
                   \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll [Apache Software Foundation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
  -> {HKLM...Wow...CLSID} = Microsoft Outlook
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...Wow...CLSID} = Outlook File Icon Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
  -> {HKLM...Wow...CLSID} = RealOne Player Context Menu Class
                         \InProcServer32\(Default) = c:\program files (x86)\real\realplayer\rpshell.dll [RealNetworks, Inc.]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
  -> {HKLM...Wow...CLSID} = OpenOffice Property Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}\(Default) = LogMeInCredProv
  -> {HKLM...CLSID} = LogMeInCredProv
                   \InProcServer32\(Default) = LMIinit.dll [LogMeIn, Inc.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> skypec2c\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
  -> {HKLM...CLSID} = Skype Click to Call for IE Pluggable Protocol
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
  -> {HKCU...CLSID} = ContextMenuHandler Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = ContextMenuHandler Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = c:\PROGRA~1\MICROS~1\shellext.dll [MS]

RXDCExtSvr\(Default) = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
  -> {HKLM...CLSID} = RXDCExtShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]

VersionsPageShellExt\(Default) = {9E42900A-85F9-4E67-9778-575FBBA0A81C}
  -> {HKLM...CLSID} = VersionsPageShellExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [Acronis]
  -> {HKLM...Wow...CLSID} = VersionsPageShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [Acronis]

{C539A15A-3AF9-4c92-B771-50CB78F5C751}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]
  -> {HKLM...Wow...CLSID} = Acronis True Image Shell Context Menu Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll [Acronis]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
  -> {HKLM...CLSID} = SASContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

{9E42900A-85F9-4E67-9778-575FBBA0A81C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = VersionsPageShellExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [Acronis]
  -> {HKLM...Wow...CLSID} = VersionsPageShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [Acronis]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation]

{4A7C4306-57E0-4C0C-83A9-78C1528F618C}\(Default) = {4A7C4306-57E0-4C0C-83A9-78C1528F618C}
  -> {HKLM...CLSID} = RealPlayer Cloud
                   \InProcServer32\(Default) = c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [RealNetworks, Inc.]
  -> {HKLM...Wow...CLSID} = RealPlayer Cloud
                         \InProcServer32\(Default) = c:\program files (x86)\real\realplayer\RPDS\Bin\rpcloudview.dll [RealNetworks, Inc.]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
  -> {HKLM...CLSID} = SASContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
  -> {HKCU...CLSID} = ContextMenuHandler Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = ContextMenuHandler Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = c:\PROGRA~1\MICROS~1\shellext.dll [MS]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
  -> {HKLM...CLSID} = SASContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\

DropboxCopyHook\(Default) = {FBC9D74C-AF55-4309-9FB2-C426E071637F}
  -> {HKCU...CLSID} = DropboxExt CopyHook Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = DropboxExt CopyHook Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
  -> {HKCU...CLSID} = ContextMenuHandler Class
                   \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = ContextMenuHandler Class
                         \InProcServer32\(Default) = C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation]

RXDCExtSvr\(Default) = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
  -> {HKLM...CLSID} = RXDCExtShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]

VersionsPageShellExt\(Default) = {9E42900A-85F9-4E67-9778-575FBBA0A81C}
  -> {HKLM...CLSID} = VersionsPageShellExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [Acronis]
  -> {HKLM...Wow...CLSID} = VersionsPageShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [Acronis]

{C539A15A-3AF9-4c92-B771-50CB78F5C751}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [Acronis]
  -> {HKLM...Wow...CLSID} = Acronis True Image Shell Context Menu Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll [Acronis]

HKLM\SOFTWARE\Classes\Folder\shellex\PropertySheetHandlers\

{9E42900A-85F9-4E67-9778-575FBBA0A81C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = VersionsPageShellExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [Acronis]
  -> {HKLM...Wow...CLSID} = VersionsPageShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [Acronis]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

EnableLinkedConnections = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

Corel PaintShop Pro X6ShowPicturesOnArrivalHandler\
InvokeProgID = PaintShopProX6_64.Image
InvokeVerb = Review
HKLM\SOFTWARE\Classes\PaintShopProX6_64.Image\shell\Review\command\(Default) = "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%1" [Corel, Inc.]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

RoxioSCAudioCDTask36\
Provider = Roxio Central Audio
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\AudioCDTask\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {1DF24BC5-8E7F-4D41-AF7B-1EAAF8CE889B} [null data]

RoxioSCCopyCD36\
Provider = Roxio Central Copy
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]

RoxioSCCopyDisc36\
Provider = Roxio Central Copy
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]

RoxioSCDataProject36\
Provider = Roxio Central Data
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataGuide\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch Data [null data]

RoxioSCDataTask36\
Provider = Roxio Central Data
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataTask\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {85B64A0F-9111-4A55-8B5A-59343EE1EE8B} [null data]

RPCDBurningOnArrival\
Provider = RealPlayer Cloud
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]

RPDVDBurningOnArrival\
Provider = RealPlayer Cloud
InvokeProgID = RealPlayer.DVDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealPlayer Cloud
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe"  /play %1  [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealPlayer Cloud
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe"  /dvd %1  [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealPlayer Cloud
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]


Startup items in "Phyllis" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]
ScreenHunter 6.0 Free -> shortcut to: C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe [Wisdom Software Inc. ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
NETGEAR WNDA3100v2 Genie -> shortcut to: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [null data]
RealPlayer Cloud Service UI -> shortcut to: C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [RealNetworks, Inc.]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Acrobat Update Task ->  launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
CCleanerSkipUAC ->  launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000Core ->  launches: C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c [Dropbox, Inc.]
DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000UA ->  launches: C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler [Dropbox, Inc.]
EasyShare Registration Task ->  launches: C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.30.2.sxt _RegistrationOffer@16 [MS]
G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000 ->  launches: C:\Program Files (x86)\Citrix\GoToMeeting\3356\g2mupdate.exe [Citrix Online, a division of Citrix Systems, Inc.]
G2MUploadTask-S-1-5-21-4249353033-2772040276-2529461727-1000 ->  launches: C:\Program Files (x86)\Citrix\GoToMeeting\3356\g2mupload.exe [Citrix Online, a division of Citrix Systems, Inc.]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
RealDownloader Update Check ->  launches: C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler [null data]
RealDownloaderRealUpgradeLogonTaskS-1-5-21-4249353033-2772040276-2529461727-1000 ->  launches: C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck [RealNetworks, Inc.]
RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4249353033-2772040276-2529461727-1000 ->  launches: C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.]
RealPlayerRealUpgradeLogonTaskS-1-5-21-4249353033-2772040276-2529461727-1000 ->  launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [RealNetworks, Inc.]
RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249353033-2772040276-2529461727-1000 ->  launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.]
Reset ShopAtHome BAC ->  launches: "C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe" "C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart" [file not found]
SamsungMagician ->  launches: "C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe" /AUTOHIDE [Samsung Electronics.]
TradeStation Backup - Daily ->  launches: C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe /Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Daily.tsb [TradeStation Technologies, Inc.]
TradeStation Backup - Monthly ->  launches: C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe /Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Monthly.tsb [TradeStation Technologies, Inc.]
TradeStation Backup - Weekly ->  launches: C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe /Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Weekly.tsb [TradeStation Technologies, Inc.]
{CDFDC4BD-99CB-4BAE-B95C-45EFEB402EE3} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZipLogix\zipForm6\zipForm6.exe" -d "C:\Program Files (x86)\ZipLogix\zipForm6\" [MS]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
Microsoft Antimalware Scheduled Scan ->  launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
Microsoft Compatibility Appraiser ->  launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe invagent.dll,RunUpdate -noappraiser [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
launchtrayprocess ->  launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS]
refreshgwxconfig ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS]
refreshgwxconfigandcontent ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS]
refreshgwxcontent ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
Logon-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:7 [MS]
MachineUnlock-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:8 [MS]
OutOfIdle-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:6 [MS]
OutOfSleep-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:9 [MS]
refreshgwxconfig-B ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS]
Telemetry-4xd ->  launches: %windir%\system32\GWX\GWX.exe /event:11 [MS]
Time-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:10 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-424935
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 02, 2015, 06:58:48 PM
You may get a warning not to run it, but it is safe.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 02, 2015, 09:07:55 PM
Ghostery now on my Explorer, Firefox and Chrome browsers. (I need different ones for different programs and services I use.)   I've been playing with it; think I'm going to like it.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 02, 2015, 09:29:49 PM
Have you tried turning off your backup software and see if that will allow a complete scan?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 03, 2015, 08:55:31 PM
Turned off the Acronis True Image back-up software, and am running MSE.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 03, 2015, 09:21:27 PM
Scan ran well until  Time elapsed: 00:15:29  and stopped, incomplete 
Items scanned:  1376844
Item: C:\Windows\Installer\$PatchCache$\Mnaaged\00004109D30000000000000000F01FEC\14.0.4763\)...  cannot read the rest
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 04, 2015, 08:45:16 AM
I mistyped ...  Item: C:\Windows\Installer\$PatchCache$\Mnaaged\000041
 should read  Managed\000041....
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 04, 2015, 11:29:59 AM
Curious, it always seems to lock up right about 15 minutes. Run a scan with Malwarebytes' Anti-Malware and see if it runs all the way thru still.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 04, 2015, 06:41:21 PM
MBAM ran with no problems, to finish.  No threats identified.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 04, 2015, 07:13:22 PM
Go to http://www.eset.com/us/online-scanner/ and click on the Run ESET Online Scan button. Do this in IE. Follow the instructions. Let me know how the scan goes.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 05, 2015, 05:41:15 AM
Ran ESET Online scan in IE.  Scan Finished in 00:14:14.  No threats found.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 05, 2015, 06:21:44 PM
Well isn't that curious. Is Microsoft Security Essentials set on the default settings, or have you changed any settings?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 05, 2015, 06:43:20 PM
Am not aware of changing any settings, ...where would I see that?  I do not have it set on real-time, as MBAM covers that.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 06, 2015, 09:07:45 AM
You should still have it set on real-time. I have ESET and Malwarebytes' Anti-Malware both installed running real-time scans.

Instead of checking settings, let's do an uninstall and reinstall of Microsoft Security Essentials.

Use this uninstaller (http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/) to uninstall it. You can get the installation tool from here (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions), make sure to get the correct language version.

Download both files then disconnect from the internet. Then uninstall Microsoft Security Essentials (using the tool) and run a scan with Ccleaner, remove any temporary files, then reboot and reinstall MSE. Once you have it installed reboot the computer again, reconnect to the internet and run an update on it. Now run a scan again and see if it hangs up again.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 09:32:28 AM
Question:  The uninstaller  http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/  forwards to a page that says  "Object moved to here"  and "here" is a link to
http://download.microsoft.com/download/0/A/A/0AAAE105-9EDB-45ED-B5F9-1E3C333A28D6/MicrosoftFixit50692.msi  called Windows Installer package.  I disconnect from the internet and it installs MicrosoftFixit50692.msi   Is this correct?
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 06, 2015, 09:51:06 AM
Yep. If you are wondering why the third party link, it is easier to find than the link to the package, and I was feeling particularly tired this morning.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 10:01:31 AM
Installed Microsoft Fix It.  Not connected to the internet it opens to a page that says server cannot be found.  Connected to the internet, it opens to https://support.microsoft.com/en-us.  Is there another way for me to uninstall MSE?  .... Came back to add that it looks like MSE is not functioning, so perhaps it was uninstalled.  Will try the reinstall now.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 10:22:51 AM
Ran Ccleaner, then rebooted and attempted to reinstall MSE.  Get message "Cannot complete the Security Scan installation.  ....Please restart your computer and try again." Error code:0x80070643  I tried again and got the same error message.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 06, 2015, 10:51:13 AM
Go ahead and stay connected when you run the fix it. See if it will uninstall.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 10:55:02 AM
I am not seeing MSE anymore in the menu.  It did not tell me that it uninstalled it, though. Ran Ccleaner, then rebooted.  Attempt to reinstall MSE gives Microsoft Security Essentials Installation error box, stating Cannot complete the Security Essentials installation   Error code:0x80070643  Apparently that error code has to do with turning on MSE firewall.  I'm getting the same error code with that box checked and with that box unchecked.     ???  Do I actually need to uninstall my other A/V programs to install this?  I tried disabling them (by deleting them from task bar) prior to install MSE; that didn't seem to help.  Please advise.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 11:14:21 AM
task bar... should read   task manager
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 06, 2015, 03:47:15 PM
Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop. Make sure your AV protection is turned OFF before running the tool....

Open the folder, run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator"


(http://i121.photobucket.com/albums/o239/kevinf80/Tweaking-com/tweak1.jpg)


From the main GUI do the following:


Select Tab 3 and allow it to run Disk check


(http://i121.photobucket.com/albums/o239/kevinf80/Tweaking-com/tweak2.jpg)


Select Tab 4 and allow it to run SFC


(http://i121.photobucket.com/albums/o239/kevinf80/Tweaking-com/tweak3.jpg)


Select Tab 5 and Create System Restore Point


(http://i121.photobucket.com/albums/o239/kevinf80/Tweaking-com/tweak4.jpg)


Select Start Repairs tab => Click the Start


(http://i121.photobucket.com/albums/o239/kevinf80/Tweaking-com/tweak5.jpg)


The repairs window will open, uncheck the boxes as indicated, also the "Restart" option, then select Start...


(http://i121.photobucket.com/albums/o239/kevinf80/Tweaking-com/tweak6.jpg)


DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

Now reboot and try reinstalling Microsoft Security Essentials.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 10:37:00 PM
 :t wow!  Scary looking scan!  MSE installed fine, updated and did a Quick Scan, ran fine and completed. No threats detected.

Here's the Windows Repair Log:

Tweaking.com - Windows Repair v3.4.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: PHYLLIS-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Phyllis
Current Profile SID: S-1-5-21-4249353033-2772040276-2529461727-1000
Current Profile Classes: S-1-5-21-4249353033-2772040276-2529461727-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Phyllis\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 11:07:59

Process Count: 95
Commit Total: 4.05 GB
Commit Limit: 33.94 GB
Commit Peak: 7.35 GB
Handle Count: 27660
Kernel Total: 973.02 MB
Kernel Paged: 783.38 MB
Kernel Non Paged: 189.65 MB
System Cache: 18.01 GB
Thread Count: 1187
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 31.94 GB
Memory Used: 4.07 GB(12.7466%)
Memory Avail.: 27.87 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 31.94 GB
Memory Used: 3.36 GB(10.5074%)
Memory Avail.: 28.58 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (9/7/2015 12:04:12 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 173
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (9/7/2015 12:04:13 AM)


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
Done,  0.17 seconds.


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
Done,  1.06 seconds.

   Running Repair Under System Account
   Done (9/7/2015 12:11:01 AM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (9/7/2015 12:11:01 AM)

   Running Repair Under Current User Account
   Done (9/7/2015 12:13:26 AM)

02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (9/7/2015 12:13:26 AM)


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\default.7z
Done,  0.13 seconds.


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
Done,  0.14 seconds.


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
Done,  0.17 seconds.


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
Done,  0.14 seconds.


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
Done,  0.14 seconds.


Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
Done,  0.89 seconds.

   Running Repair Under Current User Account
   Done (9/7/2015 12:16:41 AM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (9/7/2015 12:16:41 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:16:43 AM)

03 - Reset Service Permissions
   Start (9/7/2015 12:16:43 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:17:00 AM)

04 - Register System Files
   Start (9/7/2015 12:17:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:17:24 AM)

05 - Repair WMI
   Start (9/7/2015 12:17:24 AM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (9/7/2015 12:18:23 AM)

06 - Repair Windows Firewall
   Start (9/7/2015 12:18:23 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.13 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:18:51 AM)

07 - Repair Internet Explorer
   Start (9/7/2015 12:18:51 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:19:16 AM)

08 - Repair MDAC/MS Jet
   Start (9/7/2015 12:19:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:19:21 AM)

09 - Repair Hosts File
   Start (9/7/2015 12:19:21 AM)
   Running Repair Under System Account
   Done (9/7/2015 12:19:22 AM)

10 - Remove Policies Set By Infections
   Start (9/7/2015 12:19:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:19:24 AM)

11 - Repair Start Menu Icons Removed By Infections
   Start (9/7/2015 12:19:24 AM)
   Running Repair Under System Account
   Done (9/7/2015 12:19:25 AM)

12 - Repair Icons
   Start (9/7/2015 12:19:25 AM)
   Running Repair Under Current User Account
   Done (9/7/2015 12:19:26 AM)

13 - Repair Network
   Start (9/7/2015 12:19:26 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.14 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:19:46 AM)

15 - Repair Proxy Settings
   Start (9/7/2015 12:19:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:19:48 AM)

17 - Repair Windows Updates
   Start (9/7/2015 12:19:48 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.13 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (9/7/2015 12:20:16 AM)

18 - Repair CD/DVD Missing/Not Working
   Start (9/7/2015 12:20:16 AM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (9/7/2015 12:20:16 AM)

19 - Repair Volume Shadow Copy Service
   Start (9/7/2015 12:20:16 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.13 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:20:37 AM)

21 - Repair MSI (Windows Installer)
   Start (9/7/2015 12:20:37 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:20:48 AM)

23.01 - Repair bat Association
   Start (9/7/2015 12:20:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:20:50 AM)

23.02 - Repair cmd Association
   Start (9/7/2015 12:20:50 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:20:53 AM)

23.03 - Repair com Association
   Start (9/7/2015 12:20:53 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:20:55 AM)

23.04 - Repair Directory Association
   Start (9/7/2015 12:20:55 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:20:57 AM)

23.05 - Repair Drive Association
   Start (9/7/2015 12:20:57 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:00 AM)

23.06 - Repair exe Association
   Start (9/7/2015 12:21:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:02 AM)

23.07 - Repair Folder Association
   Start (9/7/2015 12:21:02 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:04 AM)

23.08 - Repair inf Association
   Start (9/7/2015 12:21:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:07 AM)

23.09 - Repair lnk (Shortcuts) Association
   Start (9/7/2015 12:21:07 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:09 AM)

23.10 - Repair msc Association
   Start (9/7/2015 12:21:09 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:11 AM)

23.11 - Repair reg Association
   Start (9/7/2015 12:21:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:13 AM)

23.12 - Repair scr Association
   Start (9/7/2015 12:21:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:16 AM)

24 - Repair Windows Safe Mode
   Start (9/7/2015 12:21:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:18 AM)

25 - Repair Print Spooler
   Start (9/7/2015 12:21:18 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:33 AM)

26 - Restore Important Windows Services
   Start (9/7/2015 12:21:33 AM)

Decompressing & Updating Windows Permission File C:\Users\Phyllis\Desktop\Windows repair\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.14 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:39 AM)

27 - Set Windows Services To Default Startup
   Start (9/7/2015 12:21:39 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:43 AM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (9/7/2015 12:21:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:45 AM)

32 - Restore UAC (User Account Control) Settings
   Start (9/7/2015 12:21:45 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/7/2015 12:21:47 AM)

33 - Repair Performance Counters
   Start (9/7/2015 12:21:47 AM)
   Running Repair Under Current User Account
   Done (9/7/2015 12:21:51 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (9/7/2015 12:21:51 AM)
   Total Repair Time: 00:17:40


...YOU MUST RESTART YOUR SYSTEM...
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 11:10:16 PM
MSE Full scan ran well, too.  No issues!
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 06, 2015, 11:46:34 PM
I agree about the scan, it can be a bit intimidating. I don't normally go in for those "Run me and I fix everything" scans, but I have seen that one fix a lot of annoying problems like what you were having.

But because of the issues you were having I would like you to run the computer for 48 hrs or so, do everything you normally do, and make sure you can get into all the system areas (control panel, task manager and places like that). Reboot several times during that time. At the very end, run a scan with Malwarebytes' Anti-Malware and Microsoft Security Essentials and see if they both still work. Let me know how they go.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 06, 2015, 11:51:35 PM
Oh no; the scan had almost been done, and so I assumed it would be fine.  But NO!  MSE hung up during the Full scan at c:\Windows\Installer\c9c3ac.msp->91008B0000000014.0.6029.1000/[a symbol of some sort]Property
See attached screen capture jpg
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 07, 2015, 05:29:48 AM
Still hanging up at 15 minutes. I need to think about this again.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 07, 2015, 05:34:08 AM
Try running a quick scan with Microsoft Security Essentials.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 07, 2015, 07:14:34 AM
MSE Quick Scan runs well.  MBAM Threat Scan runs well.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 09, 2015, 01:33:08 PM
Run a full scan with Microsoft Security Essentials again. Before you start it, make sure the only programs running are the ones in the system tray. Close your browsers and all the stuff you start manually and let Microsoft Security Essentials run by itself. Do a full scan (that you were doing before) and let me know the time and file it hangs up on, if it does. Also before starting the scan, see if there are any windows updates waiting to finish their install.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 09, 2015, 05:25:44 PM
Great!  Will do within the next few days.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 11, 2015, 12:06:23 PM
 :t  MSE Full scan completed on 1684431 items.  No threats detected.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 11, 2015, 03:34:18 PM
So run your computer as you normally do and try running a full scan during that time.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 13, 2015, 08:44:34 PM
Will do!  I'll get back to you in a couple of days, OK?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 22, 2015, 06:18:48 AM
Have been using computer normally, and MSE Full scan runs well.  Not seeing any ongoing issues.    :ty
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 22, 2015, 08:37:56 AM
Outstanding!

Do you have any other questions or concerns?
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 24, 2015, 04:46:43 AM
 At this time we're all set.  Delaying putting Windows 10 on the computer for as long as we can.  Am open to any comments you might have about that.
Title: Re: [In Progress] A/V Scans hanging up
Post by: Hoov on September 24, 2015, 08:30:59 AM
It is a personal choice. I have several systems I am also delaying on, and another that has Windows 10. I am going to use it for a while and see how I like it before changing the others over.
Title: Re: [In Progress] A/V Scans hanging up
Post by: PGB on September 27, 2015, 11:18:03 AM
OK, then.  Thanks for all your help here!