Jump to content

when i shutdown it says waiting for background programs to close.


Recommended Posts

hi when i shut down pc it says waiting for background programs to close but i did not open any programs.sometimes i see something written in yellow words " svchost program runnning " i couldnt fully read that . 

 

and another problem is that my pc screen blinks . it turns black and comes back . 

Link to post
Share on other sites

Lets get some logs to see if we can tell what's going on...

STEP 1

NOTE: If you have Win8/8.1 Skip Step 1 and go to Step 2 as DDS does not work on Win8/8.1

Please run the DDS scanner and send back both logs as attachments to your next reply.

Download DDS from one of the locations below and save it to your Desktop:

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.
STEP 2

Please run mbam-check and send back the log as an attachment to your next reply.

  • Download mbam-check.exe from HERE and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.
STEP 3

Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system - that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.
Link to post
Share on other sites

hi firefox , thanks for your assistance.  heres the logs,

 

dds:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514
Run by archer at 21:37:03 on 2014-05-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2036.1019 [GMT 5.5:30]
.
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
uRun: [bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uRun: [bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
StartupFolder: c:\users\archer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{718F1497-2389-43D3-A92F-456B4DC3ADE6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{81E319DB-35A7-4063-8BB6-64FDDAB4D11A} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2008.2\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-4-6 778032]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-4-17 165744]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-4-18 77632]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2014-4-17 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2014-4-6 72704]
R2 hmip;hmip;c:\windows\system32\drivers\hmip.sys [2014-5-18 25448]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-7 74456]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-7 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-7 860472]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2014-4-6 81704]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2014-4-17 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-4-6 242504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-7 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-7 110296]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-1-10 322664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-4-6 516936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf_pc.sys [2014-4-18 108008]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-4-6 66832]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-7 51928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-11-4 15872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-4 52224]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2014-4-18 69880]
.
=============== Created Last 30 ================
.
2014-05-25 04:14:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-25 04:14:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-05-18 11:09:04 -------- d-----w- c:\windows\system32\catroot2
2014-05-18 11:00:30 -------- d-----w- c:\windows\system32\wbem\repository
2014-05-18 10:41:32 -------- d-----w- c:\windows\system32\wbem\repository.005
2014-05-18 08:34:36 25448 ----a-w- c:\windows\system32\drivers\hmip.sys
2014-05-14 17:12:28 -------- d-----w- c:\users\archer\appdata\roaming\Autodesk
2014-05-07 14:47:20 -------- d-----w- c:\program files\Speccy
2014-05-07 14:05:45 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-07 14:05:30 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-07 14:05:30 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-07 14:05:28 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-07 14:05:28 -------- d-----w- c:\programdata\Malwarebytes
2014-05-07 14:05:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-03 16:06:26 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-02 16:06:49 -------- d-----w- c:\windows\system32\wbem\repository.004
2014-05-02 15:37:50 -------- d-----w- c:\windows\system32\wbem\repository.003
.
==================== Find3M  ====================
.
2014-04-17 17:07:48 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-17 17:07:48 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 21:37:24.80 ===============
 
 
 
FRST:  
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by archer (administrator) on ARCHER-PC on 27-05-2014 21:38:53
Running from C:\Users\archer\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8419872 2010-01-05] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1835288 2014-05-22] (Bitdefender)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482904 2014-05-22] (Bitdefender)
HKU\.DEFAULT\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-05-22] (Bitdefender)
HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [614744 2014-05-22] (Bitdefender)
HKU\S-1-5-21-791766065-433915511-1414143919-1000\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482904 2014-05-22] (Bitdefender)
HKU\S-1-5-21-791766065-433915511-1414143919-1000\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [614744 2014-05-22] (Bitdefender)
HKU\S-1-5-21-791766065-433915511-1414143919-1000\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-05-22] (Bitdefender)
Startup: C:\Users\archer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42ABA7D44318CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-in
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\ []
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-04-18]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\archer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\archer\AppData\Roaming\IDM\idmmzcc5 [2013-11-04]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.co.in/"
CHR Extension: (Google Docs) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04]
CHR Extension: (Google Drive) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04]
CHR Extension: (Google Search) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04]
CHR Extension: (Google Wallet) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]
CHR Extension: (Gmail) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-04-17]
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-04-17]
 
========================== Services (Whitelisted) =================
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-03-15] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-05] (Malwarebytes Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-03-15] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251296 2014-05-22] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [778032 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [516936 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R2 hmip; C:\Windows\system32\Drivers\hmip.sys [25448 2013-06-19] (Hide My IP)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-05] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-05] (Malwarebytes Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-08-07] (BitDefender S.R.L.)
S3 catchme; \??\C:\Users\archer\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\archer\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 21:38 - 2014-05-27 21:39 - 00011017 _____ () C:\Users\archer\Desktop\FRST.txt
2014-05-27 21:38 - 2014-05-27 21:38 - 00000000 ____D () C:\FRST
2014-05-27 21:37 - 2014-05-27 21:37 - 00045143 _____ () C:\Users\archer\Desktop\CheckResults.txt
2014-05-27 21:37 - 2014-05-27 21:37 - 00010765 _____ () C:\Users\archer\Desktop\dds.txt
2014-05-27 21:37 - 2014-05-27 21:37 - 00004712 _____ () C:\Users\archer\Desktop\attach.txt
2014-05-27 21:33 - 2014-05-27 21:33 - 01056256 _____ (Farbar) C:\Users\archer\Desktop\FRST.exe
2014-05-27 21:32 - 2014-05-27 21:32 - 01673896 _____ (Malwarebytes Corporation) C:\Users\archer\Desktop\mbam-check-2.1.0.0002.exe
2014-05-27 21:30 - 2014-05-27 21:30 - 00688992 ____R (Swearware) C:\Users\archer\Desktop\dds.scr
2014-05-27 20:57 - 2014-05-27 20:57 - 00000056 _____ () C:\Windows\setupact.log
2014-05-27 20:57 - 2014-05-27 20:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-25 12:23 - 2014-05-25 12:23 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 12:23 - 2014-05-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 12:08 - 2014-05-25 12:08 - 00918672 _____ (Google Inc.) C:\Users\archer\Downloads\ChromeSetup.exe
2014-05-25 11:59 - 2014-05-25 11:59 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-25 10:49 - 2014-05-18 16:33 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140525-104946.backup
2014-05-25 09:44 - 2014-05-25 12:00 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-25 09:44 - 2014-05-25 11:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-18 14:04 - 2014-05-18 16:48 - 00006728 _____ () C:\Windows\system32\HideMyIpSRV.ini
2014-05-18 14:04 - 2014-05-18 16:48 - 00003512 _____ () C:\Windows\system32\HideMyIpSRVOff.ini
2014-05-18 14:04 - 2013-06-19 17:26 - 00025448 _____ (Hide My IP) C:\Windows\system32\Drivers\hmip.sys
2014-05-18 12:12 - 2014-05-18 12:25 - 00000000 ____D () C:\Users\archer\Downloads\civil question papers
2014-05-14 22:42 - 2014-05-14 22:42 - 00000000 ____D () C:\Users\archer\AppData\Roaming\Autodesk
2014-05-14 22:42 - 2014-05-14 22:42 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-07 20:17 - 2014-05-07 20:17 - 00000937 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-05-07 20:17 - 2014-05-07 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-05-07 20:17 - 2014-05-07 20:17 - 00000000 ____D () C:\Program Files\Speccy
2014-05-07 19:35 - 2014-05-27 21:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 19:35 - 2014-05-07 19:35 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-07 19:35 - 2014-05-07 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-07 19:35 - 2014-05-07 19:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 19:35 - 2014-05-07 19:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-07 19:35 - 2014-05-05 13:23 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-07 19:35 - 2014-05-05 13:23 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-07 19:35 - 2014-05-05 13:23 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 22:01 - 2014-05-02 22:16 - 00015314 _____ () C:\Users\archer\Downloads\26 apr to 2 may.xlsx
2014-05-02 20:34 - 2014-05-02 20:34 - 00002117 _____ () C:\Users\archer\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-02 20:33 - 2014-05-02 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
 
==================== One Month Modified Files and Folders =======
 
2014-05-27 21:39 - 2014-05-27 21:38 - 00011017 _____ () C:\Users\archer\Desktop\FRST.txt
2014-05-27 21:38 - 2014-05-27 21:38 - 00000000 ____D () C:\FRST
2014-05-27 21:37 - 2014-05-27 21:37 - 00045143 _____ () C:\Users\archer\Desktop\CheckResults.txt
2014-05-27 21:37 - 2014-05-27 21:37 - 00010765 _____ () C:\Users\archer\Desktop\dds.txt
2014-05-27 21:37 - 2014-05-27 21:37 - 00004712 _____ () C:\Users\archer\Desktop\attach.txt
2014-05-27 21:34 - 2014-03-28 17:48 - 00523631 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 21:33 - 2014-05-27 21:33 - 01056256 _____ (Farbar) C:\Users\archer\Desktop\FRST.exe
2014-05-27 21:32 - 2014-05-27 21:32 - 01673896 _____ (Malwarebytes Corporation) C:\Users\archer\Desktop\mbam-check-2.1.0.0002.exe
2014-05-27 21:32 - 2013-11-04 13:54 - 00000000 ____D () C:\Users\archer\AppData\Roaming\IDM
2014-05-27 21:31 - 2013-11-04 13:54 - 00000000 ____D () C:\Users\archer\AppData\Roaming\DMCache
2014-05-27 21:30 - 2014-05-27 21:30 - 00688992 ____R (Swearware) C:\Users\archer\Desktop\dds.scr
2014-05-27 21:08 - 2013-11-04 14:08 - 00000000 ____D () C:\Users\archer\AppData\Local\Adobe
2014-05-27 21:06 - 2014-05-07 19:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 21:05 - 2009-07-14 10:04 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 21:05 - 2009-07-14 10:04 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 21:02 - 2013-11-04 11:42 - 00005148 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 20:58 - 2014-03-28 18:34 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 20:57 - 2014-05-27 20:57 - 00000056 _____ () C:\Windows\setupact.log
2014-05-27 20:57 - 2014-05-27 20:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 20:57 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 22:46 - 2014-03-28 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 19:49 - 2013-11-04 12:38 - 00000000 ____D () C:\Users\archer\AppData\Roaming\vlc
2014-05-25 12:23 - 2014-05-25 12:23 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 12:23 - 2014-05-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 12:23 - 2013-11-04 12:33 - 00000000 ____D () C:\Program Files\Google
2014-05-25 12:10 - 2013-11-04 12:33 - 00000000 ____D () C:\Users\archer\AppData\Local\Google
2014-05-25 12:08 - 2014-05-25 12:08 - 00918672 _____ (Google Inc.) C:\Users\archer\Downloads\ChromeSetup.exe
2014-05-25 12:01 - 2013-12-12 10:38 - 00000000 ____D () C:\Windows\Minidump
2014-05-25 12:00 - 2014-05-25 09:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-25 11:59 - 2014-05-25 11:59 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-25 11:59 - 2014-05-25 09:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-24 22:55 - 2013-11-04 12:36 - 00000000 ____D () C:\Users\archer\AppData\Roaming\Media Player Classic
2014-05-22 22:52 - 2013-11-04 13:54 - 00000000 ____D () C:\Users\archer\Downloads\Video
2014-05-19 21:42 - 2013-11-04 12:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-18 16:48 - 2014-05-18 14:04 - 00006728 _____ () C:\Windows\system32\HideMyIpSRV.ini
2014-05-18 16:48 - 2014-05-18 14:04 - 00003512 _____ () C:\Windows\system32\HideMyIpSRVOff.ini
2014-05-18 16:42 - 2013-11-04 12:46 - 00108824 _____ () C:\Users\archer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-18 16:38 - 2009-07-14 10:03 - 03807200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-18 16:36 - 2014-01-10 19:52 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-18 16:33 - 2014-05-25 10:49 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140525-104946.backup
2014-05-18 16:15 - 2009-07-14 07:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_783
2014-05-18 14:07 - 2014-01-24 20:38 - 00000076 _____ () C:\Users\archer\Desktop\New Text Document (3).txt
2014-05-18 12:25 - 2014-05-18 12:12 - 00000000 ____D () C:\Users\archer\Downloads\civil question papers
2014-05-18 09:31 - 2009-07-14 10:23 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 21:36 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-14 22:42 - 2014-05-14 22:42 - 00000000 ____D () C:\Users\archer\AppData\Roaming\Autodesk
2014-05-14 22:42 - 2014-05-14 22:42 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-07 20:17 - 2014-05-07 20:17 - 00000937 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-05-07 20:17 - 2014-05-07 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-05-07 20:17 - 2014-05-07 20:17 - 00000000 ____D () C:\Program Files\Speccy
2014-05-07 20:16 - 2013-11-04 12:40 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-07 20:16 - 2013-11-04 12:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 19:35 - 2014-05-07 19:35 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-07 19:35 - 2014-05-07 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-07 19:35 - 2014-05-07 19:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 19:35 - 2014-05-07 19:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-05 13:23 - 2014-05-07 19:35 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 13:23 - 2014-05-07 19:35 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 13:23 - 2014-05-07 19:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-03 21:35 - 2009-07-14 07:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-02 22:16 - 2014-05-02 22:01 - 00015314 _____ () C:\Users\archer\Downloads\26 apr to 2 may.xlsx
2014-05-02 21:39 - 2009-07-14 07:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_258
2014-05-02 21:12 - 2009-07-14 07:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_712
2014-05-02 20:34 - 2014-05-02 20:34 - 00002117 _____ () C:\Users\archer\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-02 20:33 - 2014-05-02 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 22:07
 
==================== End Of Log ============================
 
 

CheckResults.txt

Addition.txt

attach.txt

Link to post
Share on other sites

hi when i shut down pc it says waiting for background programs to close but i did not open any programs.sometimes i see something written in yellow words " svchost program runnning " i couldnt fully read that . 

 

and another problem is that my pc screen blinks . it turns black and comes back . 

 

"waiting for background programs to close"

 

Pretty much normal based upon what is running as Daemons, NT Services or applications on the PC

 

"and another problem is that my pc screen blinks . it turns black and comes back ."

 

That needs context of WHEN that happens and what you are doing when it happens.

Link to post
Share on other sites

no it doesnt show any list of programs when shutting down.just it says waiting for background programs to c lose. bitdefender services are running which shows established in cmd.is that good to run services for bit defender.

 

 

just when im online it blinks like that . when im browsing. even now it happened three to four times.

Link to post
Share on other sites

Yes, the OS will not list.  Occasionally though it may state one program/process that is holding up the shutdown process.  Just be patient.

 

As for the screen black-out issue...

Verify good video connections...

* Cable to Monitor. 

* Cable to PC.

If there are thumb-screws... do not torque them down.  Apply just enough twist-force to keep the cable from disconnecting and no more.

Link to post
Share on other sites

Also when you shut down, does it give you a list of the programs needed to be shut down?

Hi,,, The same problem occured in my computer also... As most of the time my laptop says some programs are running in the background and it also ask to force shut down the computer. I am not able to understand the reason behind this. Then Click4Support people told me that I can configure the settings for the programs running in the background. I can go to start and type msconfig. Then click on Startup tab and their uncheck those programs that one need not to startup. And then just apply those settings. This is an easy way to sort out this problem.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.