Solved failed to connect to a windows service

August 3, 2015 at 07:05:07
Specs: Windows 7
Every startup of my Win7 I have the "failed to connect to a windows service" notice.
I followed the instructions of JOHNW using the Farbar tool and now I have the resulting text files (FRST.txt and Addition.txt). Please let me know to what mail address should I send the links of these files to analyse and give me hints how can I get rid of the annoying notice.
Thanks in advance
aveitan

edited by moderator: Added missing link


See More: failed to connect to a windows service

Report •

✔ Best Answer
August 8, 2015 at 15:21:18
Your AV ( antivirus ) programs are fighting each other, I would uninstall Norton/Symantic. You must use their tool.
That will leave you with MSE, which is what I use.
https://support.norton.com/sp/en/us...


#1
August 3, 2015 at 08:12:04
We don't use email on here. What you do is ask your question on this board then helpers will suggest the best approach for your own particular query.

Johnw is a regular helper on here so you could post those files on a website for him or someone else to download. This one does not require an account:
http://www.zippyshare.com/
Put the URL's they give you as a reply to this post and await a response.

Johnw is in Australia so he won't be around for some hours. I'll let him know.

Always pop back and let us know the outcome - thanks


Report •

#2
August 3, 2015 at 10:57:12
Thank you DEREK for your help.
here are the links for the spoken files:
http://www41.zippyshare.com/v/nSS0J...
http://www41.zippyshare.com/v/OLBHx...
I'll appreciate if JOHNW or anybody else can analyse and advise me how to get rid of this sticky message.
have a nice day/evening/morning or night,
aveitan

Report •

#3
August 3, 2015 at 14:18:39
Johnw is the man for these but while you are waiting run these too, in the order given:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks


Report •

Related Solutions

#4
August 3, 2015 at 16:22:09
Got your logs aveitan. Will be offline for about 9 hrs.

Shall go through the 3 other logs as per Derek's post, when I return.

I'm here.
http://www.timeanddate.com/worldclo...


Report •

#5
August 3, 2015 at 18:50:00
In the event-log there should be an (critical?!) entry about the error you see hopefully with more info what service is involved.

Did you install/uninstall something before this error appear?


Report •

#6
August 5, 2015 at 05:51:55
ican't remember since this trouble happened months ago. I'll check again the event log to look for "critical" entry.

Report •

#7
August 5, 2015 at 05:53:43
Thanks in advance Johnw

Report •

#8
August 5, 2015 at 06:54:44
"Thanks in advance Johnw"
Just waiting on those 3 logs aveitan.

Report •

#9
Report •

#10
August 5, 2015 at 17:00:07
Next step.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on theDesktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


Report •

#11
August 6, 2015 at 01:24:30
Here is the link to eset scan results:
http://www23.zippyshare.com/v/ap6AB...

Report •

#12
August 6, 2015 at 03:23:45
Could you Copy & Paste the contents of the log please.

17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt"

Next step.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Ask Toolbar (HKLM\...\{4F524A2D-5637-006A-76A7-A758B70C1D00}) (Version: 12.29.0.226 - APN, LLC) <==== ATTENTION
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Task: {12D8D9A0-61CE-4D98-A417-2C4E64C6C654} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-05-07] ( ) <==== ATTENTION
Task: {7116E19F-4017-45B2-B713-948E0085B2E8} - \DTReg No Task File <==== ATTENTION
Task: {A8439A27-2E1B-48BA-9A22-86E62F9A2199} - \DTChk No Task File <==== ATTENTION
Task: {BC7F40AD-8031-4C4C-9182-9FCD595E60D9} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
Task: {E6586F75-BFDD-460A-98D2-038BC050B57D} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-03-25] (Trusted Software ApS) <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Avram\AppData\Roaming\Microsoft\Windows\Start Menu\ynet.website:DESTICON_favicon-452516185
IE trusted site: HKU\S-1-5-21-2915705848-958432216-3229325390-1000\...\google.com -> hxxps://mail.google.com
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
GroupPolicyScripts: Group Policy detected <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2915705848-958432216-3229325390-1000 -> {1E57FC20-FC91-4E25-AEF2-D7A2B4E97B2D} URL = http://www.mysearchresults.com/sear...
BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll No File
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll No File
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-03-14]
CHR Extension: (Ask Toolbar) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2013-10-21]
CHR Extension: (Ask Toolbar) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-03-16]
CHR Extension: (Ask Toolbar) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-06-16]
CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2015-06-04]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
S3 PDF Architect 2; "C:\Program Files\PDF Architect 2\ws.exe" [X]
S3 pdfforge CrashHandler; "C:\Program Files\PDF Architect 2\crash-handler-ws.exe" [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#13
August 6, 2015 at 05:06:56
as you'll notice the eset log file is empty:
http://www84.zippyshare.com/v/LoYUX...
but hn the eset quarantine contain about 20 NDF or NQF files, some of them are above 15 mega. do you want me to send all those quarantined files?

Report •

#14
August 6, 2015 at 05:18:10
"as you'll notice the eset log file is empty:"
Not quite, that is the log I needed.

# found=11
# cleaned=11
Then it shows what was quarantined.

" do you want me to send all those quarantined files?"
No thanks.

I shall wait now for the next log.

message edited by Johnw


Report •

#15
August 6, 2015 at 05:33:58
PDF Architect 2 => service removed successfully.
pdfforge CrashHandler => service removed successfully.
dgderdrv => service removed successfully.
LMIRfsClientNP => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
EmptyTemp: => 680.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:21:36 ====


Report •

#16
August 6, 2015 at 05:35:53
Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

message edited by Johnw


Report •

#17
August 6, 2015 at 06:33:35
I think the problem is solved (hopefully). After restart I didn't have the note "failed to connect to a windows service".

Report •

#18
August 6, 2015 at 06:41:33
"I think the problem is solved (hopefully)"
yep, I thought it would be.

Just some cleaning up to do now, suspect there are still a few remnants there.

Shall wait for the AdwCleaner log.


Report •

#19
August 6, 2015 at 07:00:45
Sorry, I was wrong. The problem still exist and appears after each reboot.!!!

Report •

#20
August 6, 2015 at 07:06:12
here is the AdwCleaner log:
# AdwCleaner v4.208 - Logfile created 06/08/2015 at 17:01:47
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Avram - AVRAM-WIN7
# Running from : C:\Users\Avram\Downloads\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v44.0.2403.130

[C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[{"chrome_settings_overrides":false}]},"content_settings":[],"creation_flags":9,"events":[],"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13051134006939204","lastpingday":"13051090761355204","location":6,"manifest":{"background":{"scripts":["common/apnAPI.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp

*************************

AdwCleaner[R0].txt - [7206 bytes] - [04/08/2015 20:24:03]
AdwCleaner[R2].txt - [6236 bytes] - [04/08/2015 21:04:32]
AdwCleaner[R3].txt - [1667 bytes] - [06/08/2015 16:44:58]
AdwCleaner[R4].txt - [1529 bytes] - [06/08/2015 17:01:47]
AdwCleaner[S0].txt - [6387 bytes] - [04/08/2015 21:05:13]
AdwCleaner[S1].txt - [1733 bytes] - [06/08/2015 16:47:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1706 bytes] ##########


Report •

#21
August 6, 2015 at 15:41:38
"here is the AdwCleaner log"
Thanks.

"# Option : Scan"
Can I see the log after cleaning, please.


Report •

#22
August 7, 2015 at 02:58:00
The last log found after scan and cleaning. is the following:

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 17:08:03
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Avram - AVRAM-WIN7
# Running from : C:\Users\Avram\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v44.0.2403.130

[C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[{"chrome_settings_overrides":false}]},"content_settings":[],"creation_flags":9,"events":[],"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13051134006939204","lastpingday":"13051090761355204","location":6,"manifest":{"background":{"scripts":["common/apnAPI.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp

*************************

AdwCleaner[R0].txt - [7206 bytes] - [04/08/2015 20:24:03]
AdwCleaner[R2].txt - [6236 bytes] - [04/08/2015 21:04:32]
AdwCleaner[R3].txt - [1667 bytes] - [06/08/2015 16:44:58]
AdwCleaner[R4].txt - [1785 bytes] - [06/08/2015 17:01:47]
AdwCleaner[S0].txt - [6387 bytes] - [04/08/2015 21:05:13]
AdwCleaner[S1].txt - [1733 bytes] - [06/08/2015 16:47:47]
AdwCleaner[S2].txt - [1712 bytes] - [06/08/2015 17:08:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1771 bytes] ##########

I run the program again about 30 minutes ago but this time there wasn't an option to repair or to clean, and I didn't find any newer log file..The only newer files are located in the following path:
programdata\malwarebytes\malwarebytes anti-malware\logs
and their links are as follows:
http://www99.zippyshare.com/v/EyQSf...
http://www41.zippyshare.com/v/T12ZT...

I hope this info may help to analyse my problems.
Thanks again
aveitan

message edited by aveitan


Report •

#23
August 7, 2015 at 03:21:13
Here is to scan.with Malwarebytes & get the correct log.

Update & Run Malwarebytes Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif
Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Copy and Paste the contents of the log, in your reply please.
Log locations
http://i.imgur.com/s05hsP9.gif
http://i.imgur.com/qZ5dybV.gif
http://i.imgur.com/wOHlluy.gif
http://i.imgur.com/pYQQLah.gif

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.


Report •

#24
August 7, 2015 at 07:27:21
I followed your instructions carefully and repeated the process few times. Along each scan it is noted "no detected object" and the summary of each scan ends with "Threats identified = 0". The last scan which identified threats was 3 days ago (04/08/2015) and then there was a repair process followed with restart. "Failed to connect Windows Service" occurs after each restart. It seems that Malwarebytes can't solve this problem in my PC.
The threats that were found and quarantined on 4/8/15 are:
- PUP.Optional.Babylon.A (File)
- Hijack.Regedit (Registry Value)
- PUP.Optional.AskAPN.Gen (Registry Key)
- PUP.Optional.AskAPN.Gen (Registry Value)

Report •

#25
August 7, 2015 at 11:58:51
The most common suggestion for "Failed to connect Windows Service" is to open command prompt as administrator then type:
netsh
Hit Enter key then on the next line type:
winsock reset
Hit Enter key again and it should tell you it successfully reset.
Restart computer.

Did you try this at any stage (sorry if I missed it somewhere)?

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#26
August 7, 2015 at 16:40:08
After post #25.

Remove/delete Farbar & download the latest version.
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...

Run Farbar again & upload the logs.
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif

message edited by Johnw


Report •

#27
August 8, 2015 at 00:28:40
I've tried it again and it didn't do the job
This is in response to #25 (DEREK)

message edited by aveitan


Report •

#28
August 8, 2015 at 00:49:25
In response to #26 ((JOHNW):
No need to run it twice. The links to the resulted files:
FRST.txt = http://www66.zippyshare.com/v/MhvnT...
Addition.txt = http://www69.zippyshare.com/v/9SQbW...
Hope you'll find something helpful

message edited by aveitan


Report •

#29
August 8, 2015 at 04:23:49
Whilst we are trying to fix your problems, please do not install any programs other than those we recommend.

After running fixlist, what problems do you have?

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Task: {7116E19F-4017-45B2-B713-948E0085B2E8} - \DTReg No Task File <==== ATTENTION
Task: {A8439A27-2E1B-48BA-9A22-86E62F9A2199} - \DTChk No Task File <==== ATTENTION
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll No File
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [No File]
CHR Extension: (No Name) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-03-16]
CHR Extension: (No Name) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-16]
CHR Extension: (No Name) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-06-16]
S3 PDF Architect 2; "C:\Program Files\PDF Architect 2\ws.exe" [X]
S3 pdfforge CrashHandler; "C:\Program Files\PDF Architect 2\crash-handler-ws.exe" [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#30
August 8, 2015 at 11:21:22
Fix result of Farbar Recovery Scan Tool (x86) Version:08-08-2015 01
Ran by Avram (2015-08-08 19:00:09) Run:2
Running from C:\Users\Avram\Desktop
Loaded Profiles: Avram (Available Profiles: Avram)
Boot Mode: Normal

==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Task: {7116E19F-4017-45B2-B713-948E0085B2E8} - \DTReg No Task File <==== ATTENTION
Task: {A8439A27-2E1B-48BA-9A22-86E62F9A2199} - \DTChk No Task File <==== ATTENTION
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll No File
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [No File]
CHR Extension: (No Name) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-03-16]
CHR Extension: (No Name) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-03-16]
CHR Extension: (No Name) - C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-06-16]
S3 PDF Architect 2; "C:\Program Files\PDF Architect 2\ws.exe" [X]
S3 pdfforge CrashHandler; "C:\Program Files\PDF Architect 2\crash-handler-ws.exe" [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
*****************

Processes closed successfully.
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7116E19F-4017-45B2-B713-948E0085B2E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7116E19F-4017-45B2-B713-948E0085B2E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8439A27-2E1B-48BA-9A22-86E62F9A2199}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8439A27-2E1B-48BA-9A22-86E62F9A2199}" => key removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DEEB13D7-CEA9-45FB-B77C-E039BEC85221} => value removed successfully.
"HKCR\CLSID\{DEEB13D7-CEA9-45FB-B77C-E039BEC85221}" => key removed successfully.
"HKLM\Software\MozillaPlugins\PDF Architect 2" => key removed successfully.
C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk => moved successfully.
C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd => moved successfully.
C:\Users\Avram\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk => moved successfully.
PDF Architect 2 => service removed successfully.
pdfforge CrashHandler => service removed successfully.
dgderdrv => service removed successfully.
LMIRfsClientNP => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
EmptyTemp: => 61.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:00:57 ====


Report •

#31
August 8, 2015 at 15:21:18
✔ Best Answer
Your AV ( antivirus ) programs are fighting each other, I would uninstall Norton/Symantic. You must use their tool.
That will leave you with MSE, which is what I use.
https://support.norton.com/sp/en/us...

Report •

#32
August 9, 2015 at 00:24:30
Ive successfully uninstalled norton and will report results later.

Report •

#33
August 9, 2015 at 02:46:13
"Ive successfully uninstalled norton"
Process of elimination, that is one less problem.

"will report results later"
Fingers crossed.


Report •

#34
August 9, 2015 at 02:48:48
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Report •

#35
August 9, 2015 at 04:37:47
JohnW, Success is your name!
I removed Norton totally from my PC and the trouble is gone. Previously Norton caused me lot of troubles with DWH Trojan. I'll never use again this AV any more!!!

Report •

#36
August 9, 2015 at 10:19:53
You were not alone it seems:
http://www.cnet.com/forums/discussi...

Always pop back and let us know the outcome - thanks


Report •

#37
August 9, 2015 at 10:44:21
Re #34 to jOHNw:

Results of screen317's Security Check version 1.006
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
CCleaner
Java 7 Update 67
[color=red][b]Java version 32-bit out of Date![/b][/color]
Adobe Flash Player 18.0.0.209
Google Chrome (44.0.2403.125)
Google Chrome (44.0.2403.130)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 0%
[b][u]````````````````````End of Log``````````````````````[/b][/u]


ANY COMMENTS ON THIS REPORT?

message edited by aveitan


Report •

#38
August 9, 2015 at 15:19:58
"I removed Norton totally from my PC and the trouble is gone"
Good news aveitan.

"ANY COMMENTS ON THIS REPORT?"
Step 1: If you don't need Java ( most people don't ) uninstall it.
If you want to keep it, update it, to make sure it is secure.
Set your Java cache/temps to 100mb.

Step 2: Run CCleaner Registry clean.
Follow these SS (screenshot) steps.
http://i.imgur.com/UUecMp3.gif
http://i.imgur.com/715LOZY.gif
http://i.imgur.com/oWJFPUA.gif
http://i.imgur.com/CFRA6GW.gif
http://i.imgur.com/r0c6HFr.gif
http://i.imgur.com/Htjr1Mj.gif

Step 3: Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
Tool will create an report for you (C:\DelFix.txt)


Report •

#39
August 9, 2015 at 15:36:25
Another option with Java if you only need it online at odd times, is to disable it in browsers via "Control Panel > Java > Security tab". It can then be temporarily invoked online when needed. You still need to keep it updated of-course, as already given.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#40
August 9, 2015 at 23:01:28
Thanks for all. with JohnW (and al the others) I got the feeling that a PC expert is sitting by my desk and doing the Job for me. You are great.!
(By the way, I am usijg CCleaner regularly)

Report •

#41
August 10, 2015 at 06:17:13
I have a major problem now. My note-pad does not recognize TXT files anymore. I had to rename files into RTF in order to be able to see the written text or to "copy and past", and I can't make a Restore because all earlier restore points were deleted by DelFix. Do you have any idea how to repair this problem?.
P.S. Please note that "פעולת שחזור" (items #723 & #725) means in English "restore action"

# DelFix v1.010 - Logfile created 10/08/2015 at 08:44:38
# Updated 26/04/2015 by Xplode
# Username : Avram - AVRAM-WIN7
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Avram\Desktop\SecurityCheck.exe
Deleted : C:\Users\Avram\Downloads\AdwCleaner.exe
Deleted : C:\Users\Avram\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Avram\Downloads\FRST (1).exe
Deleted : C:\Users\Avram\Downloads\FRST.exe
Deleted : C:\Users\Avram\Downloads\JRT.exe
Deleted : C:\Users\Avram\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #721 [JRT Pre-Junkware Removal | 08/04/2015 17:30:13]
Deleted : RP #722 [Windows Update | 08/06/2015 12:00:14]
Deleted : RP #723 [פעולת שחזור | 08/08/2015 07:10:33]
Deleted : RP #724 [Windows Update | 08/08/2015 07:30:03]
Deleted : RP #725 [פעולת שחזור | 08/08/2015 18:26:54]
Deleted : RP #726 [Windows Update | 08/08/2015 18:37:53]
Deleted : RP #727 [Removed Symantec Endpoint Protection. | 08/09/2015 06:41:33]
Deleted : RP #728 [Removed Symantec Endpoint Protection. | 08/09/2015 07:01:56]
Deleted : RP #729 [Windows Backup | 08/09/2015 16:00:13]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


message edited by aveitan


Report •

#42
August 10, 2015 at 07:14:39
What happens when you double click a txt file?

Always pop back and let us know the outcome - thanks


Report •

#43
August 10, 2015 at 12:15:49
Thank you Derek, I just solved the problem of the notepad by restoring its default definitions.

Report •

#44
August 10, 2015 at 14:46:03
Good to hear - looks like Johnw and yourself did a grand job.

Always pop back and let us know the outcome - thanks


Report •

#45
August 10, 2015 at 17:11:08
"I just solved the problem of the notepad by restoring its default definitions"
Nice work aveitan.

"I can't make a Restore because all earlier restore points were deleted by DelFix"
We do that, because ALL your old problems were still in those restore points & you would have been back where you started.


Report •

#46
August 10, 2015 at 17:15:23
Here is how a USER got a lot of these problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.


Report •

#47
August 11, 2015 at 08:01:17
Thanks for your wise ideas. I normally pay attention to avoid as much as I can unwanted and unnecessary software. To stay on the safe side I've installed right now your recommended Uncheky. I hopel not to waist your time too much hereafter.
Aveitan

Report •

#48
August 11, 2015 at 18:03:45
"I hopel not to waist your time too much hereafter"
No problem, computers are my hobby, always got something on the go, really enjoy the challenge.

Report •

Ask Question