Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft error 80246008. BITS service is disabled and can't be enabled


  • This topic is locked This topic is locked
83 replies to this topic

#1 huntsin2

huntsin2

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 03 December 2015 - 05:04 PM

Hello,
 
I am trying to clean up a computer. I went to do a Windows update and noticed that the computer hasn't been able to update since 2010. The error code that I searched on google which is 80246008, in an old Microsoft forum post showed that this could be a sign of potential malware if you are unable to start the BITS service. I have already done multiple scans such as rkill, tsdkiller in safe mode. I also did a Malwarebytes scan with their techbench product as well as a scan with roguekiller and a Kaspersky scan. If it would help I can give more information on the details of those scans. However, I am still not able to start the BITS service so I am wondering if there is something hiding that is disguised so as not to be found by a scan. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Brian (administrator) on BRIAN-PC (03-12-2015 15:41:48)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian & Mcx1-BRIAN-PC)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
() C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware Corp.) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Spotify Ltd) C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Alienware Corp.) C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alienware Corp.) C:\Program Files\Alienware\Command Center\DoorController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [61256 2010-05-04] (Alienware Corporation)
HKLM\...\Run: [Thermal Controller] => C:\Program Files\Alienware\Command Center\ThermalController.exe [167736 2010-05-04] (Alienware Corp.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7021880 2015-12-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe [18240 2010-05-21] (Dell)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\AlienRespawn\toasterLauncher.exe [301888 2010-07-21] ()
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\...\Run: [Spotify Web Helper] => C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-29] (Spotify Ltd)
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\...\Run: [Spotify] => C:\Users\Brian\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-29] (Spotify Ltd)
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\...\MountPoints2: {5781d786-889e-11e0-b926-a4badbfcd6d3} - J:\LaunchU3.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-12-01] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{55493621-C720-4DA9-ADFD-399736DFAD71}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alienware.com/
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://support.alienware.com
HKU\S-1-5-21-1858993863-788333597-1892198121-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-12-01] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-12-01] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-09-07] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-09-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-09-07] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-09-07] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\p5a50mz0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-11] (Apple Inc.)
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-12-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-09-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2010-09-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2015-12-01]
FF HKU\S-1-5-21-1858993863-788333597-1892198121-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (MSN® Toolbar) - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll => No File
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-23]
CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-23]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-12-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [226440 2015-12-01] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-08-11] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-08-11] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-27] (Creative Technology Ltd) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 BITS; %SystemRoot%\System32\qmgr.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-01] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-01] (AVAST Software)
R3 AWOPFilterDriver; C:\Windows\system32\drivers\AWOPFilterDriver.sys [19464 2010-08-11] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2015-12-02] ()
R3 V0710Vid; C:\Windows\System32\DRIVERS\V0710Vid.sys [393568 2010-09-12] (Creative Technology Ltd.)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 15:41 - 2015-12-03 15:42 - 00024050 _____ C:\Users\Brian\Downloads\FRST.txt
2015-12-03 15:40 - 2015-12-03 15:41 - 00000000 ____D C:\FRST
2015-12-03 15:40 - 2015-12-03 15:40 - 02350080 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2015-12-03 15:30 - 2015-12-03 15:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 15:30 - 2015-12-03 15:30 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 17:45 - 2015-12-02 17:45 - 00985600 _____ C:\Users\Brian\Downloads\MicrosoftFixit50123.msi
2015-12-02 14:40 - 2015-12-02 14:42 - 00211562 _____ C:\TDSSKiller.3.1.0.7_02.12.2015_14.40.01_log.txt
2015-12-02 14:34 - 2015-12-02 14:35 - 96059048 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\KVRT.exe
2015-12-02 14:33 - 2015-12-02 17:29 - 00000000 ____D C:\KVRT_Data
2015-12-02 14:26 - 2015-12-02 14:28 - 00211128 _____ C:\TDSSKiller.3.1.0.7_02.12.2015_14.26.23_log.txt
2015-12-02 14:21 - 2015-12-02 14:36 - 00203902 _____ C:\Windows\ntbtlog.txt
2015-12-02 13:39 - 2015-12-02 13:40 - 25023048 _____ C:\Users\Brian\Downloads\RogueKillerX64.exe
2015-12-02 13:37 - 2015-12-02 13:40 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-02 13:37 - 2015-12-02 13:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-02 12:59 - 2015-12-02 12:59 - 00208048 _____ C:\TDSSKiller.3.1.0.7_02.12.2015_12.59.21_log.txt
2015-12-02 12:58 - 2015-12-02 12:58 - 04376463 _____ C:\Users\Brian\Downloads\tdsskiller.zip
2015-12-02 12:58 - 2015-12-02 12:58 - 00000364 _____ C:\TDSSKiller.3.1.0.5_02.12.2015_12.58.40_log.txt
2015-12-02 12:57 - 2015-12-02 14:25 - 00002554 _____ C:\Users\Brian\Desktop\Rkill.txt
2015-12-02 12:55 - 2015-12-02 12:55 - 00222650 _____ C:\Users\Brian\Documents\windows could not start the Background intelligent transfer service on - Microsoft Community.pdf
2015-12-02 10:46 - 2015-12-02 10:49 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-12-02 10:46 - 2015-12-02 10:46 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-12-02 10:45 - 2015-12-02 10:45 - 02836520 _____ C:\Users\Brian\Downloads\SecurityTaskManager_Setup.exe
2015-12-02 10:40 - 2015-12-02 10:40 - 00084506 _____ C:\Users\Brian\Documents\cc registry backup.reg
2015-12-02 10:36 - 2015-12-02 10:36 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-02 10:36 - 2015-12-02 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-02 10:36 - 2015-12-02 10:36 - 00000000 ____D C:\Program Files\CCleaner
2015-12-02 10:34 - 2015-12-02 10:34 - 06801752 _____ (Piriform Ltd) C:\Users\Brian\Downloads\ccsetup512.exe
2015-12-01 21:34 - 2015-12-01 21:34 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-01 20:34 - 2015-12-01 20:34 - 00000000 _____ C:\Windows\SysWOW64\RENA6B9.tmp
2015-12-01 20:32 - 2015-12-01 20:33 - 00000000 ____D C:\Users\Brian\.oracle_jre_usage
2015-12-01 20:32 - 2015-12-01 20:32 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Sun
2015-12-01 20:31 - 2015-12-01 20:31 - 00003230 _____ C:\Windows\System32\Tasks\{3E0A0AD6-418C-47D0-AE35-8D1C4F7738CF}
2015-12-01 20:29 - 2015-12-01 20:29 - 00000000 ____D C:\Users\Brian\AppData\LocalLow\Oracle
2015-12-01 20:20 - 2015-12-01 20:19 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-01 20:19 - 2015-12-01 20:19 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-01 20:18 - 2015-12-01 20:18 - 00000000 ____D C:\Windows\pss
2015-11-30 20:48 - 2015-11-30 20:49 - 00000000 ____D C:\Users\Brian\Documents\carthage school work
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 15:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-03 15:31 - 2009-07-13 22:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:31 - 2009-07-13 22:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:28 - 2009-07-13 23:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 15:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-03 15:25 - 2013-05-16 22:17 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Spotify
2015-12-03 15:25 - 2012-07-21 14:54 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-03 15:24 - 2010-08-19 20:05 - 00000000 ____D C:\Users\Brian\AppData\Local\SoftThinks
2015-12-03 15:24 - 2010-08-11 20:01 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-12-03 15:23 - 2012-07-21 17:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 15:23 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 10:39 - 2012-04-28 01:57 - 00000000 ____D C:\Windows\Minidump
2015-12-02 10:39 - 2011-06-19 15:37 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Skype
2015-12-02 10:39 - 2010-08-28 17:17 - 00000000 ___DC C:\Users\Brian\AppData\Local\MigWiz
2015-12-02 10:39 - 2010-08-11 22:06 - 00000000 ____D C:\Windows\Panther
2015-12-01 21:34 - 2010-08-19 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-12-01 21:34 - 2010-08-19 20:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-12-01 20:34 - 2014-02-25 22:51 - 00000000 ____D C:\ProgramData\Oracle
2015-12-01 20:34 - 2014-02-25 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-01 20:34 - 2010-08-11 19:42 - 00000000 ____D C:\Program Files\Java
2015-12-01 20:34 - 2010-08-11 19:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-01 20:33 - 2015-05-07 16:36 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-12-01 20:32 - 2010-08-19 20:05 - 00000000 ____D C:\Users\Brian
2015-12-01 20:19 - 2014-04-24 22:22 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-01 20:19 - 2014-01-17 18:33 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-01 20:19 - 2013-04-14 22:00 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-01 20:19 - 2013-04-14 22:00 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-01 20:19 - 2012-07-21 14:54 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-01 20:19 - 2011-06-29 21:22 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-01 20:19 - 2010-08-19 20:15 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-01 20:19 - 2010-08-19 20:15 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-01 20:15 - 2010-09-05 11:34 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-01 20:14 - 2010-09-05 11:55 - 00000000 ____D C:\ProgramData\Symantec
2015-12-01 20:11 - 2012-07-21 17:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 20:11 - 2012-07-21 17:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 20:11 - 2012-07-21 17:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 20:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-30 20:39 - 2013-05-12 19:44 - 00000000 ____D C:\Users\Brian\notes
 
==================== Files in the root of some directories =======
 
2010-09-07 23:44 - 2013-02-27 02:23 - 0015360 _____ () C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-13 13:56 - 2011-07-13 13:56 - 0007605 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
2010-09-04 20:43 - 2014-03-11 21:41 - 0002561 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Brian\AppData\Local\Temp\jre-8u66-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-02 00:43
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Brian (2015-12-03 15:42:26)
Running from C:\Users\Brian\Downloads
Windows 7 Ultimate (X64) (2010-08-20 02:05:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1858993863-788333597-1892198121-500 - Administrator - Disabled)
Brian (S-1-5-21-1858993863-788333597-1892198121-1001 - Administrator - Enabled) => C:\Users\Brian
Guest (S-1-5-21-1858993863-788333597-1892198121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1858993863-788333597-1892198121-1002 - Limited - Enabled)
Mcx1-BRIAN-PC (S-1-5-21-1858993863-788333597-1892198121-1003 - Limited - Enabled) => C:\Users\Mcx1-BRIAN-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.48 - Alienware)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Backyard Baseball 2001 (HKLM-x32\...\Backyard Baseball 2001) (Version: - )
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C5100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c5100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Command Center (HKLM-x32\...\InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}) (Version: 2.5.52.0 - Alienware Corp.)
Command Center (Version: 2.5.52.0 - Alienware Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Great Plains Managerial Accounting 6.0 (HKLM-x32\...\Great Plains Managerial Accounting 6.0) (Version: - )
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0357.1 - Microsoft Corporation)
MSN Toolbar Platform (x32 Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{e0ce0117-038c-4390-81fb-02ecf9453518}) (Version: - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rocketfish HD Webcam Lite (1.00.03.00) (HKLM\...\Rocketfish VF0710) (Version: - Rocketfish)
Rocketfish Live! Central (HKLM-x32\...\Rocketfish Live! Central) (Version: 2.00.59 - Creative Technology Ltd)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Security Task Manager 2.1e (HKLM-x32\...\Security Task Manager) (Version: 2.1e - Neuber Software)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skins (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1858993863-788333597-1892198121-1001\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VBA (2720) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-08-2015 20:38:28 Scheduled Checkpoint
11-09-2015 19:12:57 Scheduled Checkpoint
26-09-2015 00:44:05 Scheduled Checkpoint
01-12-2015 20:12:55 Removed Symantec AntiVirus Win64.
02-12-2015 17:46:10 Installed Microsoft Fix it 50123

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A20B7C-D227-4057-BCA2-EA8DE13EDA20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {064885BB-3236-4377-838C-9B47D8751019} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {28D35967-FC70-4028-9316-0AC828180941} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44DE48B4-9AD8-4C0B-AF61-AF74E86124BD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-12-01] (AVAST Software)
Task: {777B58D7-AE8C-481F-9CAF-52FDCE3A1222} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {7A4DD9FD-D174-49BA-97E2-885FA000F525} - System32\Tasks\{58E325EA-FF56-42E6-AC74-CC3BF4D29869} => pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {8F3709B2-3355-4C19-BF7B-FCB707C481E6} - System32\Tasks\{B17A4A91-1D39-4542-901D-E4DF76F4E77C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {9801A3FD-1F15-4F96-AE81-3F57CE1C007C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B2089C66-5D0C-486C-8F22-B959E322A911} - System32\Tasks\{3E0A0AD6-418C-47D0-AE35-8D1C4F7738CF} => pcalua.exe -a C:\Users\Brian\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {D0060EB1-B89E-44B5-A127-0B28BEE25A9C} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-BRIAN-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-11 20:01 - 2010-07-21 09:36 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
2010-08-11 20:01 - 2010-07-21 09:37 - 00341312 _____ () C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
2010-08-11 19:52 - 2010-08-11 19:52 - 00037712 _____ () C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.90.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00075056 _____ () C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.90.0__bebb3c8816410241\AlienLabsTools.dll
2008-11-18 11:00 - 2008-11-18 11:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-11 20:00 - 2010-08-11 20:00 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-12-01 20:19 - 2015-12-01 20:19 - 00103888 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-12-01 20:19 - 2015-12-01 20:19 - 00125512 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-12-02 10:30 - 2015-12-02 10:30 - 02813440 _____ () C:\Program Files\Alwil Software\Avast5\defs\15120201\algo.dll
2015-12-01 20:19 - 2015-12-01 20:19 - 00469008 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2015-12-03 15:26 - 2015-12-03 15:26 - 02802176 _____ () C:\Program Files\Alwil Software\Avast5\defs\15120301\algo.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00058688 _____ () C:\Program Files (x86)\AlienRespawn\STCoreXml.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00116032 _____ () C:\Program Files (x86)\AlienRespawn\PSTVdsDisk.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll
2010-08-11 20:01 - 2010-07-21 09:34 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll
2010-08-11 20:01 - 2010-07-21 09:34 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll
2010-08-11 20:01 - 2010-07-23 15:36 - 00025920 _____ () C:\Program Files (x86)\AlienRespawn\SftBRCCPiped.dll
2010-08-11 20:01 - 2010-07-21 09:33 - 00025920 _____ () C:\Program Files (x86)\AlienRespawn\STBRCCServCLR.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00024896 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.90.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00011584 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.90.0__bebb3c8816410241\AlienFX.Communication.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00024904 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.90.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00028496 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00027984 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00019792 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00037200 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.90.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
2010-08-11 19:52 - 2010-08-11 19:52 - 00017224 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.90.0__bebb3c8816410241\AlienFX.Communication.Core.dll
2010-08-11 19:57 - 2009-12-29 15:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2010-08-11 19:57 - 2010-01-12 14:36 - 00177664 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-08-11 19:57 - 2009-07-27 00:50 - 00148992 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2015-12-01 20:19 - 2015-12-01 20:19 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-11-30 20:30 - 2015-11-06 22:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-30 20:30 - 2015-11-06 22:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2010-08-20 13:13 - 2010-08-20 13:13 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\be6fde9e4dbe4483b2d9882741988b89\IsdiInterop.ni.dll
2010-08-11 19:54 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-11-30 20:30 - 2015-11-06 22:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31029774.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50946220.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31029774.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50946220.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1858993863-788333597-1892198121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Rocket Live! Central 2 => "C:\Program Files (x86)\Rocketfish HD Webcam Lite\Live! Central\RFLVCentral2.exe" /mode2
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: V0710Mon.exe => C:\Windows\V0710Mon.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{31CAFC77-00CC-48AE-8FB4-AC853019AE1D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{CBF18C4D-29B1-4F5F-83D6-642B81441112}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{1E92753D-CB8A-4FA6-8A9C-BD19EA7E1BF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42893600-A03D-43B0-8334-A3DC5C7528F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6AD08172-716D-4AD3-81B8-D4C18548854B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7A4614B4-53CA-4347-A271-96321A271E5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2EBFE445-3C33-4F8D-952F-D4B6A762F08E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A628730F-1CB3-4F2D-9B6C-5837B11FB25C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E6B87876-DCA9-4DD6-9FE2-8A0B59DE8915}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{CE8A4455-D304-4F3F-825C-540FB50913D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{556C26FE-6C36-4244-8A80-0FA11E83500B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{9381C595-2BEA-4BA5-9E47-A89331BD1B71}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{89B1A078-7CA7-4EC5-9317-5FC6BC0A7618}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0C563318-D22B-4684-AAD4-58A72FD167BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{92E1D821-EF6F-45A4-BA8F-1F50CE478B69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{38F363E7-C1C3-43FA-B1B9-7B65B3786243}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{244BC210-BB8D-41B1-B7C3-016B68A175BB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{F097D673-691D-48E4-B064-F92A4B90C720}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{CB57CCBF-9634-4985-8D8D-2D1CD98513BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{B8798169-D0D4-49E2-BDF9-8E50B35319DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{518CCDD5-59CD-46A1-97EC-A1505FCAF157}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{D7DF00D8-14C9-49B4-A9F5-7CE9F80C49CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{A8D1CA89-5D6E-4E73-BA22-D31CAC4DFE46}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{7595CBFE-6884-4A39-B0A2-E943FB98BEAA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{85B98C59-6229-4CA3-9691-73DB5091C58F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{8AECF51F-5DCA-4A41-813E-A004022D11BE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{13B1E87E-DA7F-46D0-B8E9-39E19EA646D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D77FC8A7-9DE5-4CA2-AA88-824D73E1E5D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{E530A2D9-06DC-482F-86AF-E48499481D53}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15F88393-3129-491F-BFF6-281FDF131C41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{73A95248-1D2F-4071-9697-EBD44F68C14E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F4AA901-C7A6-4CA7-9CF0-8FE7EDDAA33F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E32928D-2A15-47B8-94DF-AB563B71EC79}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9BCB381E-46F7-42AE-85D7-638509394B0E}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD681B69-5833-4DDB-852F-0A75DDEFE494}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6F62B093-DB58-4BDC-AB32-8305F5FA0AEF}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6464C5EE-FA32-4C11-8A6B-73153C71CBAE}C:\users\brian\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brian\appdata\roaming\spotify\spotify.exe
FirewallRules: [{87965AFD-1C8A-49C4-8411-6BFB4622642A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E7CFAD2F-B0BF-4841-BA90-A90FDAC089B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C5100 series
Description: Photosmart C5100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Photosmart C5100 series
Description: Photosmart C5100 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet 3000 J310 series
Description: Deskjet 3000 J310 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2015 05:46:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary D3F1744D.

System Error:
The system cannot find the file specified.
.

Error: (12/01/2015 08:16:39 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: Brian-PC)
Description: errorFailed unregistering service.

Error: (11/30/2015 09:50:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/30/2015 09:50:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/30/2015 09:50:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/30/2015 09:49:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation.
.

Error: (11/30/2015 09:49:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/30/2015 09:49:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation.
.

Error: (11/30/2015 09:49:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/30/2015 09:49:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.


System errors:
=============
Error: (12/03/2015 03:42:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:42:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:41:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:41:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:40:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:40:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:39:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:39:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:38:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126

Error: (12/03/2015 03:38:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BITS service terminated with the following error:
%%126


CodeIntegrity:
===================================
Date: 2015-12-02 13:40:41.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-02 13:40:41.604
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 9206.93 MB
Available physical RAM: 6634.56 MB
Total Virtual: 18412 MB
Available Virtual: 15138.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:923.45 GB) (Free:135.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C796C701)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 06 December 2015 - 09:54 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 06 December 2015 - 10:05 PM

Greetings huntsin2 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Sometimes Windows Update issues are difficult to resolve and it is necessary to go directly to Microsoft for assistance. However, we will see what we can do.

Please run the following for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll => No File
S3 BITS; %SystemRoot%\System32\qmgr.dll [X]
2015-12-01 20:34 - 2015-12-01 20:34 - 00000000 _____ C:\Windows\SysWOW64\RENA6B9.tmp
2015-12-01 20:31 - 2015-12-01 20:31 - 00003230 _____ C:\Windows\System32\Tasks\{3E0A0AD6-418C-47D0-AE35-8D1C4F7738CF}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
qmgr.dll
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Search log
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 07 December 2015 - 03:07 PM

 
Hi Gary, my name is Mark. Thank you for offering to help.
 
---------------------------------------------------------------------------------------
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Brian (2015-12-07 13:57:36) Run:1
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & Mcx1-BRIAN-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll => No File
S3 BITS; %SystemRoot%\System32\qmgr.dll [X]
2015-12-01 20:34 - 2015-12-01 20:34 - 00000000 _____ C:\Windows\SysWOW64\RENA6B9.tmp
2015-12-01 20:31 - 2015-12-01 20:31 - 00003230 _____ C:\Windows\System32\Tasks\{3E0A0AD6-418C-47D0-AE35-8D1C4F7738CF}
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll => not found.
BITS => service removed successfully
C:\Windows\SysWOW64\RENA6B9.tmp => moved successfully
C:\Windows\System32\Tasks\{3E0A0AD6-418C-47D0-AE35-8D1C4F7738CF} => moved successfully
 
==== End of Fixlog 13:57:36 ====
 
---------------------------------------------------------------------------------------------------------------------------------------
 
Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Brian (2015-12-07 14:00:38)
Running from C:\Users\Brian\Desktop
Boot Mode: Normal
 
================== Search Files: "qmgr.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
[2009-07-13 17:46][2009-07-13 19:41] 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F [File is digitally signed]
 
====== End of Search ======
 
-----------------------------------------------------------------------------------------------------------------------------------------
 
Farbar Service Scanner Version: 10-06-2014
Ran by Brian (administrator) on 07-12-2015 at 14:04:05
Running from "C:\Users\Brian\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
 
ATTENTION!=====> C:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.
 
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 07 December 2015 - 03:13 PM

Hi Mark,

Nice to meet you. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
cmd: copy C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll C:\Windows\System32
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Manually Importing an Attached Registry Key (.reg) File

-------------------
  • Download bits.reg to your desktop
  • Right click on the file and select Merge
  • Once you receive confirmation the information was successfully merged reboot your computer
  • Attempt to launch Windows Update
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does Windows Update work properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 07 December 2015 - 04:48 PM

 
Hi Gary, 
 
--------------------------------------------------------------------------------------
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Brian (2015-12-07 15:06:37) Run:2
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & Mcx1-BRIAN-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: copy C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll C:\Windows\System32
*****************
 
 
=========  copy C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll C:\Windows\System32 =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 15:06:38 ====
 
-------------------------------------------------------------------------------------------------------------------------------------------
Part way through attempting to install updates I had a blue screen error. Below is a copy of the error message.
 
Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7600.2.0.0.256.1
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: 116
  BCP1: FFFFFA800AC74010
  BCP2: FFFFF88006E4445C
  BCP3: 0000000000000000
  BCP4: 0000000000000002
  OS Version: 6_1_7600
  Service Pack: 0_0
  Product: 256_1
 
Files that help describe the problem:
  C:\Windows\Minidump\120715-29967-01.dmp
  C:\Users\Brian\AppData\Local\Temp\WER-120775-0.sysdata.xml
 
Read our privacy statement online:
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 
---------------------------------------------------------------------------------------------------------------------
 
I also have another message that won't go away.
 
Toaster.exe Bad Image
C:\Windows\system32\aticfx32.dll is either not designed to run on Windows or it contains an error.
Try intsalling the program again using the original installation media or contact your system
administrator or the software vendor for support.
 
I have tried closing it in task manager but it just keeps popping up.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 07 December 2015 - 06:11 PM

Is the message on a pop up screen and you can't close either one?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 07 December 2015 - 06:36 PM

The message about Toaster.exe finally closed, after I closed it around 20 times or more. The other message about the blue screen just came up after I rebooted the machine from having it shut down from the blue screen. It went away just fine.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 07 December 2015 - 06:39 PM

OK, thanks for the detailed posts, it really helps.

Do you use Dell Data Safe Local Backup?

Please do this.

===================================================

Uploading Minidump File

--------------------
  • Using Windows Explorer please navigate to the following location(s):

C:\Windows\Minidump\120715-29967-01.dmp

  • Upload the file(s) here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Use Dell Backup?
  • Uploaded Minidump file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 07 December 2015 - 07:05 PM

I had to change the permissions but was able to finally upload it. The user of this computer does not use Dell Backup.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 07 December 2015 - 07:34 PM

Thanks, the error is related to your video card. I would like to look at some additional computer information. Please do this.

===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached System Summary information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 07 December 2015 - 08:53 PM

Hi Gary,

 

Thanks again for your continued help. Attached is the summary.

 

Sincerely,

 

Mark

Attached Files



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 07 December 2015 - 09:04 PM

It is a team effort my friend. Unfortunately I can't open the file. That happens on occasion and I'm not sure why.

I really don't want to try the Windows Update again until we resolve this current issue. Windows Update problems can be a nightmare and there is no sense in risking even greater potential problems by having your computer crash in the middle of an update.

What is the manufacturer and model number of your computer?

Please do this. Since I don't have the computer information I can't list the exact video device but there should only be one entry under Display Adapters.

===================================================

Uninstalling/Reinstalling a Device Driver

----------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Display Adapters section by clicking + sign
  • Right click on the Dispaly entry, select Uninstall, then OK
  • Reboot your computer and your video drivers will be automatically reinstalled
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Computer information
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 07 December 2015 - 10:45 PM

Hi Gary,

 

Just a couple of things. I didn't see the display adapter driver installing so I went to shut down the computer thinking that installing the updates would help. As soon as I went to shut down I noticed that it said ATI graphics driver installed successfully. So the computer has been installing updates for about an hour now. I will send you the information about the computer in the next post. However, I probably won't be able to read or respond until about 4:30 central time tomorrow afternoon. 

 

How did you know that it would install after rebooting? 

 

and

 

I was looking at the services in the management console and I didn't see the BITS service in there anymore. Should that be the case?

 

Thanks again for your help thus far.

 

Sincerely,

 

Mark



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:26 AM

Posted 07 December 2015 - 11:00 PM

Hi Mark,

When the computer boots it looks for the necessary drivers to run the hardware. If they aren't installed the computer will install them automatically. That is the easiest first step to see if the issue is a corrupted driver.

BITS (Background Intelligent Transfer Service) should be running. If you run this it should tell you the status.

===================================================

Query Service Start State

-------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type cmd and press Enter
  • Type sc query bits and press Enter
  • The service state should be reported
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 huntsin2

huntsin2
  • Topic Starter

  • Members
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 08 December 2015 - 03:02 PM

 
Hi Gary,
 
Here is the summary page from msinfo32. Dell is the manufacturer. I have barely used the computer. Right now it is backing up some of the files to an external hard drive. But it seems about the same as far as speed. Maybe if I use it a little more I will be able to notice a speeed difference. Is uninstalling a driver like that only something a person should do if Windows update is working? Because before when Windows Update wasn't working the computer was having trouble installing drivers for a wireless usb device and external hard drive.
 
OS Name Microsoft Windows 7 Ultimate
Version 6.1.7600 Build 7600
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name BRIAN-PC
System Manufacturer Alienware
System Model Aurora
System Type x64-based PC
Processor Intel® Core™ i7 CPU         930  @ 2.80GHz, 2801 Mhz, 4 Core(s), 8 Logical Processor(s)
BIOS Version/Date Alienware A09, 4/27/2010
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.1.7600.16385"
User Name Brian-PC\Brian
Time Zone Central Standard Time
Installed Physical Memory (RAM) 9.00 GB
Total Physical Memory 8.99 GB
Available Physical Memory 6.33 GB
Total Virtual Memory 18.0 GB
Available Virtual Memory 15.3 GB
Page File Space 8.99 GB
Page File C:\pagefile.sys
 
 
 
----------------------------------------------------------------------------------------------------------------
 
below are the results of the command prompt. I'm guessing bits is on a delayed start which from what I read it should be. Which is possibly why it didn't show up as running right away. But I still don't see it in the services section of computer management.
 
Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Users\Brian>sc query bits
 
SERVICE_NAME: bits
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
C:\Users\Brian>sc query bits
 
SERVICE_NAME: bits
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
C:\Users\Brian>sc query bits
 
SERVICE_NAME: bits
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
C:\Users\Brian>





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users