Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
I definitely need help with this
Options
Comments
-
found your problem
run FRST and post the log it gives you
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/The text that you have entered is too long (138850 characters). Please shorten it to 100000 characters long.0 -
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by user (2016-07-05 20:25:59)
Running from C:\Users\user\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-03-01 17:22:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3684883250-502440045-1445226648-500 - Administrator - Disabled)
Guest (S-1-5-21-3684883250-502440045-1445226648-501 - Limited - Disabled)
user (S-1-5-21-3684883250-502440045-1445226648-1000 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.2.0.20046 - Avira Operations GmbH & Co. KG)
Brother MFL-Pro Suite MFC-6490CW (HKLM-x32\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Host Service (HKU\S-1-5-21-3684883250-502440045-1445226648-1000\...\Host Service) (Version: - ) <==== ATTENTION
Host Service (HKU\S-1-5-21-3684883250-502440045-1445226648-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Host Service) (Version: - ) <==== ATTENTION
IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.161 - MediatekWiFi)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Update 17.12.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 17.12.8 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDFill FREE PDF Writer (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {30F17558-2158-4072-8E8B-8C107F5679BE} - System32\Tasks\0216pitUpdateInfo => C:\ProgramData\Avg_Update_0216pit\0216pit_AVG-Secure-Search-Update.exe [2016-02-16] ()
Task: {84AC6CF8-B2B1-4443-9BEC-53E04A6E16C6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-03-01] ()
Task: {CBB28305-5640-4920-906A-178A66411C1F} - System32\Tasks\{5E2AA1F3-42EF-4B9D-AB51-C42A601CA68A} => pcalua.exe -a \install\mfc-6490cw\InstallManager.exe
Task: {F8FD89A6-8F9B-4018-B1F1-757426B26992} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\0216pitUpdateInfo.job => C:\ProgramData\Avg_Update_0216pit\0216pit_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\user\Documents\Personal\My Videos\DivX Movies\DivX Author – Create DivX Movies.lnk -> hxxp://go.divx.com/divx/windows/author/moviesfolder/en (No File)
Shortcut: C:\Users\user\Documents\Personal\My Videos\DivX Movies\DivX.com.lnk -> hxxp://go.divx.com/en (No File)
Shortcut: C:\Users\user\Documents\Personal\My Videos\DivX Movies\Enhance your video soundtracks.lnk -> hxxp://go.divx.com/divx/windows/player/dfx/en (No File)
Shortcut: C:\Users\user\Documents\Personal\My Videos\DivX Movies\Post DivX® video to your website.lnk -> hxxp://go.divx.com/publishvideo/en (No File)
==================== Loaded Modules (Whitelisted) ==============
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-31 16:34 - 2014-08-31 16:34 - 00294912 _____ () C:\Users\user\AppData\Local\Host Service\nssm.exe
2016-05-17 13:44 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-22 05:45 - 2016-01-22 05:45 - 00086528 _____ () C:\Users\user\AppData\Local\Host Service\mgwz.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [150]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3684883250-502440045-1445226648-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3684883250-502440045-1445226648-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mediatek Wireless Utility.lnk => C:\Windows\pss\Mediatek Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: HOST SERVICE => wscript "C:\Users\user\AppData\Local\Host Service\launchall.js"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IncrediMail => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{01713616-9A3F-4D73-967E-0DE745EA2D25}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{8A394C2F-A35B-4378-9A3D-4F084A6F00E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{423F2217-CA0A-49BB-9C15-F94FBC6D2C39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E711EC73-DC79-4DD2-8809-3D551976276F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{37D4F0F6-5F7F-487E-8BC2-1230BA572F25}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{1C022F2C-751B-405A-BC07-CFDD57480506}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{4E0A830A-52E2-434E-9E84-07BC9D84B9C0}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{E0FB7FB1-4567-4AB9-9164-23D0C9525CA2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{33293A5F-C086-400A-AF8B-A466AF0FA69D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{BA99FDB0-7E2C-4CB3-822F-BC5FF61C68DA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{F6368F72-7480-4635-B88F-911A54D14905}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{F4A75DCF-B8A6-4BE3-B759-CC4250FC72E2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{D1BAA2CB-5597-47A7-89FF-57CA3346967D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{AAEB411D-95FC-4F37-80A2-61B75F6EBF6E}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{9FE11BB4-B64D-49F3-985E-55FF0F92532F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{9ADA7186-B68D-417D-B52E-F526E0F6B4A2}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08g\FAXRX.exe
FirewallRules: [{7083977A-66C1-4FB3-B1AC-3266C3EDE912}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08g\FAXRX.exe
FirewallRules: [{1A1FD677-8730-4C91-B827-155E9BEF8BF7}] => (Allow) LPort=54925
FirewallRules: [{415F6D5D-9699-4B69-B483-40516B9BF44A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C198A7FF-66A1-4D4D-8728-7024A7B85549}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
==================== Restore Points =========================
01-07-2016 16:28:11 Windows Update
02-07-2016 12:41:32 Removed AVG
02-07-2016 12:47:26 Removed AVG 2016
02-07-2016 12:49:53 Windows Update
02-07-2016 13:12:24 Installed AVG 2016
02-07-2016 13:13:20 Installed AVG
02-07-2016 13:13:50 Windows Update
04-07-2016 16:25:39 Windows Update
04-07-2016 23:51:08 Removed AVG
04-07-2016 23:53:09 Removed AVG 2016
==================== Faulty Device Manager Devices =============
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/05/2016 11:10:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/04/2016 10:58:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/04/2016 04:04:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2016 01:50:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2016 12:58:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2016 12:39:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2016 12:38:28 PM) (Source: MediatekRegistryWriter64) (EventID: 0) (User: )
Description: MediatekRegistryWriter64 error: 1063StartServiceCtrlDispatcher failed.
Error: (07/02/2016 12:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2016 12:08:00 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
Error: (07/01/2016 04:21:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.1.7.0, time stamp: 0x56aac2ef
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x89c
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
System errors:
=============
Error: (07/04/2016 10:58:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2016 10:58:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2016 10:56:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\RAIHV.dll
Error: (07/04/2016 10:56:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\RAIHV.dll
Error: (07/04/2016 10:56:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\RAIHV.dll
Error: (07/04/2016 10:56:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2016 10:56:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Error: (07/04/2016 10:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (07/04/2016 10:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (07/04/2016 10:56:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 45%
Total physical RAM: 3956.61 MB
Available physical RAM: 2161.81 MB
Total Virtual: 7911.4 MB
Available Virtual: 5259.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:415.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3B2B3B2B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================0 -
found your problem
run FRST and post the log it gives you
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/0 -
In relation to the first log that is too big/long to post here I was having a look at it and the bulk is taken up with what appears to be details of a bucket load of Windows updates from a week ago. I could delete the details of those first and post the remainder of the log here if thats any help.
Attach it as a text file, rather than post it.0 -
yeah attach it, need to see that file0
-
Advertisement
-
Here goes0
-
copy this into notepad, save it at fixlist.txt
CloseProcesses: CreateRestorePoint: C:\Users\user\AppData\Local\Host Service\nssm.exe () C:\Users\user\AppData\Local\Host Service\nssm.exe R2 dofilter; C:\Users\user\AppData\Local\Host Service\nssm.exe [294912 2014-08-31] () [File not signed] RemoveProxy: hosts: Emptytemp:
Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.0 -
copy this into notepad, save it at fixlist.txtRun FRST and click on the Fix button. Wait until finished.
Sorry about the stupid questions but Im not great at these things0 -
save it as fixlist.txt
you can use the frst you first downloaded, no need to re-download it. basically you are just re-opening it and running that fix i gave you0 -
save it as fixlist.txt
you can use the frst you first downloaded, no need to re-download it. basically you are just re-opening it and running that fix i gave you0 -
Advertisement
-
straight to fix0
-
I hope this worked as Avira blocked something or other and FRST was then showing as "not responding" but started to work again after a minute or so.
The generated log is reasonable short this time so I'll just copy it to here.
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Users\user\AppData\Local\Host Service\nssm.exe
() C:\Users\user\AppData\Local\Host Service\nssm.exe
R2 dofilter; C:\Users\user\AppData\Local\Host Service\nssm.exe [294912 2014-08-31] () [File not signed]
RemoveProxy:
hosts:
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
C:\Users\user\AppData\Local\Host Service\nssm.exe => moved successfully
C:\Users\user\AppData\Local\Host Service\nssm.exe => No running process found
dofilter => service removed successfully
========= RemoveProxy: =========
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3684883250-502440045-1445226648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3684883250-502440045-1445226648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14475486 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 4411588050 B
Edge => 0 B
Chrome => 0 B
Firefox => 302340129 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 91696 B
user => 869436575 B
RecycleBin => 679180343 B
EmptyTemp: => 5.8 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:59:59 ====0 -
you having the same problems now?0
-
you having the same problems now?
So taking all into account I'd say thats my problem sorted. What can I say other than a big thank you to yourself (and everyone here) for all the help and advice. It is very much appreciated
So in conclusion was it this dofilter thing that was responsible? Was it a virus or adware or what and how would it have got into the PC to start with? Just curious!0 -
this thing was responsible
C:\Users\user\AppData\Local\Host Service\nssm.exe
was actually some new virus and particularly tough. usually mbam can remove everything.
probably got in with torrenting/streaming, hard to say really0 -
Just one final question on a related matter. After one of the scans a couple of nights ago a couple of details were left on the desktop as shown by screen grab below. I was going to move them to a folder but got a message saying if they were moved windows or another programme may not work. I've opened and copied the content below. Will I need to leave these on the desktop?[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-217990 -
they are windows files that are usually hidden, want me to try find quick guide on how to re-hide them?0
-
-
go to Windows Explorer; click on Desktop. Go to Tools/Folder Options. Click View, and check "Hide protected operating system files" click apply and ok
have a look here if your stuck
http://www.digitalcitizen.life/why-are-there-two-desktopini-files-my-desktop-what-do-they-do0 -
go to Windows Explorer; click on Desktop. Go to Tools/Folder Options. Click View, and check "Hide protected operating system files" click apply and ok
have a look here if your stuck
http://www.digitalcitizen.life/why-are-there-two-desktopini-files-my-desktop-what-do-they-do
Once again, thanks a million for all the help.0 -
Advertisement
Advertisement