Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

DeBug Malware Error 895 - system 32.exe failure

Started by jerrypowell , Jul 20 2015 04:50 PM

Please log in to reply

#1
jerrypowell

Posted 20 July 2015 - 04:50 PM

New Member

Member
8 posts

Got the topic title message. Researched and it is said to be malware.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Jerry (administrator) on NETBOOK on 20-07-2015 17:41:02
Running from C:\Users\Jerry\Desktop
Loaded Profiles: Jerry (Available Profiles: Jerry)
Platform: Microsoft Windows 7 Starter (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\HP\HPBTWD.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [HP BTW Detect Program] => C:\Program Files\HP\HPBTWD.exe [319488 2009-03-30] ()
HKLM\...\Run: [HP] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-14] (Hewlett-Packard)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-08-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {8B31050B-FBEC-48A3-A4A2-383DD49998BB} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-726285506-2730714665-1725698905-1000 -> DefaultScope {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-726285506-2730714665-1725698905-1000 -> {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-726285506-2730714665-1725698905-1000 -> {8B31050B-FBEC-48A3-A4A2-383DD49998BB} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-726285506-2730714665-1725698905-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15282BC9-16C7-4973-A340-1A028C6CA4DB}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\3qcdoozm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://news.google.com/
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-03-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 17:41 - 2015-07-20 17:41 - 00009955 _____ C:\Users\Jerry\Desktop\FRST.txt
2015-07-20 17:39 - 2015-07-20 17:37 - 01638912 _____ (Farbar) C:\Users\Jerry\Desktop\FRST.exe
2015-07-20 17:38 - 2015-07-20 17:41 - 00000000 ____D C:\FRST
2015-07-20 17:37 - 2015-07-20 17:37 - 01638912 _____ (Farbar) C:\Users\Jerry\Downloads\FRST.exe
2015-07-20 12:11 - 2015-07-20 12:11 - 00000000 ____D C:\Users\Jerry\AppData\Local\LogMeIn Rescue Applet
2015-07-09 08:00 - 2015-07-20 17:32 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 17:41 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 17:41 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 17:39 - 2009-07-24 11:11 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 17:37 - 2015-03-26 09:38 - 01413356 _____ C:\Windows\WindowsUpdate.log
2015-07-20 17:33 - 2015-03-28 08:28 - 00000000 ____D C:\Users\Jerry\Tracing
2015-07-20 17:32 - 2015-04-10 09:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-20 17:32 - 2015-03-28 09:01 - 00175136 _____ C:\Windows\PFRO.log
2015-07-20 17:32 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 17:32 - 2009-07-13 23:39 - 00030578 _____ C:\Windows\setupact.log
2015-07-20 12:22 - 2015-03-26 10:05 - 00000177 ____H C:\dvmexp.idx
2015-07-18 08:33 - 2015-04-02 08:35 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForJerry.job
2015-07-16 09:09 - 2015-04-02 08:34 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-07-16 09:07 - 2015-04-02 08:32 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2015-03-26 08:39 - 2015-07-20 17:33 - 0000185 _____ () C:\ProgramData\HPWALog.txt
2015-03-26 09:51 - 2015-03-26 09:51 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-28 16:53 - 2009-08-28 16:54 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-03-26 09:50 - 2015-03-26 09:50 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-28 16:48 - 2009-08-28 16:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-18 08:59

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Jerry at 2015-07-20 17:42:12
Running from C:\Users\Jerry\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-726285506-2730714665-1725698905-500 - Administrator - Disabled)
Guest (S-1-5-21-726285506-2730714665-1725698905-501 - Limited - Disabled)
Jerry (S-1-5-21-726285506-2730714665-1725698905-1000 - Administrator - Enabled) => C:\Users\Jerry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Instant Web (HKLM\...\{53F08287-443D-4FC0-B74D-1169B6B9A71C}) (Version: 1.0.5.0 - DeviceVM, Inc.)
HP QuickSync (HKLM\...\{EEA95E6C-6847-49BE-83C9-ED92D8E18983}) (Version: 5.1.234.4788 - Hewlett-Packard)
HP Setup (HKLM\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0166 (HKLM\...\{11B7161D-3461-40CD-B31F-84065AC84A4E}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java™ 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-726285506-2730714665-1725698905-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerRecover (Version: 5.5.1923 - CyberLink Corp.) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

07-04-2015 12:06:59 Windows Live Essentials
07-04-2015 12:08:25 Windows Update
07-04-2015 12:09:20 Windows Update
07-04-2015 12:13:06 Windows Update
07-04-2015 12:16:06 Installed DirectX
07-04-2015 12:16:42 Installed DirectX
07-04-2015 12:17:15 Installed DirectX
07-04-2015 12:19:10 WLSetup
14-04-2015 17:06:13 Windows Update
14-04-2015 17:14:21 Windows Update
14-04-2015 17:18:28 Windows Update
14-04-2015 17:24:56 Windows Update
16-04-2015 07:51:22 Windows Update
17-04-2015 08:35:06 Windows Update
17-04-2015 08:51:33 Restore Operation
18-04-2015 08:45:12 Windows Update
12-05-2015 08:17:15 Windows Update
16-05-2015 08:24:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0492DB6A-934D-4805-A537-8BFE4390DD14} - System32\Tasks\HPCeeScheduleForJerry => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {0564D5CC-33C1-41DE-83FD-0D2BE5C96F54} - System32\Tasks\RMCreator => C:\Program Files\Hewlett-Packard\Recovery\Reminder.exe [2009-07-23] (CyberLink)
Task: {6943A436-F5BE-442D-A35C-09A17BABE3CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-07-15] (Microsoft)
Task: {C428398B-6682-4891-B086-ABD962EC66A1} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {CCC427C9-E415-4C1C-B5E8-A458E4E0D1F6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {D1A91A7F-30A8-496A-A415-CFD482EF79D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-07-15] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForJerry.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2009-08-28 15:04 - 2009-03-30 18:02 - 00319488 _____ () C:\Program Files\HP\HPBTWD.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A6690AC8-C5C3-44FF-93CA-A029AF259B49}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D95343FA-3605-4AF8-8291-7BD511EA18EE}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{00937FBC-BCE3-4577-99CC-22EF5CD8D27C}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{71312F49-E994-4245-9F66-96420ECDF4F9}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{2E552370-0C5F-4AA4-AFCC-2AF2E923C94C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{19F3C54F-AAB0-49DB-8F53-F70FF2CF7D99}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7929FF89-7289-472D-ABB9-D6ACD86A31BA}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{AD8F6E8F-FF23-42F1-8D9D-1FD00BA324B7}] => (Allow) C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{15EE0A24-C748-4EDF-9B56-AA78FC8ACBF1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1F982A56-7206-457F-AA76-84D3AC1D9B99}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BD77C1F6-3EE9-42E8-A5F9-25800B8A0FAF}] => (Allow) LPort=2869
FirewallRules: [{218CE8A8-39C9-4AE6-99AE-8AD96F5A4AFC}] => (Allow) LPort=1900
FirewallRules: [{3B747ED0-90CE-41DE-82AF-CBC143543A2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BD38B643-A13B-4E89-8647-A2AC4F2E33E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hphc_service.exe, version: 3.1.7.1, time stamp: 0x4a564c5d
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae
Exception code: 0xe053534f
Fault offset: 0x00009617
Faulting process id: 0x%9
Faulting application start time: 0xhphc_service.exe0
Faulting application path: hphc_service.exe1
Faulting module path: hphc_service.exe2
Report Id: hphc_service.exe3

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (06/18/2015 08:59:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/15/2015 06:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6217.0, time stamp: 0x4a490222
Faulting module name: stapi32.dll, version: 1.0.6217.0, time stamp: 0x4a490151
Exception code: 0xc0000005
Fault offset: 0x0003e635
Faulting process id: 0x400
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (04/07/2015 12:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (04/07/2015 12:08:05 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: Application or service 'Windows Live Messenger' could not be shut down.

Error: (04/03/2015 12:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d8

Start Time: 01d06e2dba53d277

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/03/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 114c

Start Time: 01d06e1a5fe186e6

Termination Time: 62

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: b503f01a-da0f-11e4-9618-002655c8dc8a

System errors:
=============
Error: (07/20/2015 05:32:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:03:26 PM on ‎7/‎20/‎2015 was unexpected.

Error: (07/20/2015 11:10:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/12/2015 08:57:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/08/2015 10:31:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/09/2015 08:02:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:43:29 AM on ‎6/‎8/‎2015 was unexpected.

Error: (06/06/2015 07:58:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:25:43 AM on ‎6/‎4/‎2015 was unexpected.

Error: (06/03/2015 08:22:14 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000008e (0xc0000005, 0x818b6c50, 0xa6387888, 0x00000000)C:\Windows\MEMORY.DMP060315-20186-01

Error: (06/03/2015 08:22:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:20:53 AM on ‎6/‎3/‎2015 was unexpected.

Error: (06/03/2015 08:15:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:26:52 AM on ‎6/‎2/‎2015 was unexpected.

Error: (05/16/2015 08:21:04 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xc0000005, 0x87ffa291, 0x88e44894, 0x88e44470)C:\Windows\MEMORY.DMP051615-15272-01

Microsoft Office:
=========================
Error: (07/08/2015 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hphc_service.exe3.1.7.14a564c5dKERNELBASE.dll6.1.7600.163854a5bdaaee053534f00009617

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (06/18/2015 08:59:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/15/2015 06:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV.exe1.0.6217.04a490222stapi32.dll1.0.6217.04a490151c00000050003e63540001d077d39dc796bbC:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exeC:\Windows\system32\stapi32.dlle6dcda0b-e3c6-11e4-b7f3-002655c8dc8a

Error: (04/07/2015 12:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: 1C:\Program Files\Internet Explorer\iexplore.exeInternet Explorer0211723880

Error: (04/07/2015 12:08:05 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: 1C:\Program Files\Windows Live\Messenger\msnmsgr.exeWindows Live Messenger0211722000

Error: (04/03/2015 12:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.1638517d801d06e2dba53d27731C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/03/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.16385114c01d06e1a5fe186e662C:\Program Files\Internet Explorer\iexplore.exeb503f01a-da0f-11e4-9618-002655c8dc8a

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 41%
Total physical RAM: 2039.3 MB
Available physical RAM: 1190.18 MB
Total Virtual: 4078.61 MB
Available Virtual: 3035.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.47 GB) (Free:108.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.38 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: CD68444D)
Partition 1: (Not Active) - (Size=137.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=201 MB) - (Type=07 NTFS)

==================== End of log ============================

#2
RKinner

Posted 21 July 2015 - 02:03 PM

Malware Expert

Expert
24,625 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

#3
jerrypowell

Posted 22 July 2015 - 09:05 AM

New Member

Topic Starter
Member
8 posts

# AdwCleaner v4.208 - Logfile created 22/07/2015 at 09:44:01
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Starter (x86)
# Username : Jerry - NETBOOK
# Running from : C:\Users\Jerry\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B31050B-FBEC-48A3-A4A2-383DD49998BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B31050B-FBEC-48A3-A4A2-383DD49998BB}
Key Deleted : HKLM\SOFTWARE\DeviceVM

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v39.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1104 bytes] - [22/07/2015 09:41:11]
AdwCleaner[S0].txt - [1040 bytes] - [22/07/2015 09:44:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1099 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Starter x86
Ran by Jerry on Wed 07/22/2015 at 9:49:03.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ABD3B5E1-B268-407B-A150-2641DAB8D898}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files\Common Files\homepage protection

~~~ FireFox

Emptied folder: C:\Users\Jerry\AppData\Roaming\mozilla\firefox\profiles\3qcdoozm.default\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at 9:56:04.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Jerry (administrator) on NETBOOK on 22-07-2015 09:56:53
Running from C:\Users\Jerry\Desktop
Loaded Profiles: Jerry (Available Profiles: Jerry)
Platform: Microsoft Windows 7 Starter (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [HP BTW Detect Program] => C:\Program Files\HP\HPBTWD.exe [319488 2009-03-30] ()
HKLM\...\Run: [HP] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-14] (Hewlett-Packard)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-08-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-726285506-2730714665-1725698905-1000 -> {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15282BC9-16C7-4973-A340-1A028C6CA4DB}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\3qcdoozm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://news.google.com/
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-03-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 09:56 - 2015-07-22 09:56 - 00001605 _____ C:\Users\Jerry\Desktop\JRT.txt
2015-07-22 09:48 - 2015-07-22 09:47 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Jerry\Desktop\JRT.exe
2015-07-22 09:47 - 2015-07-22 09:47 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Jerry\Downloads\JRT.exe
2015-07-22 09:40 - 2015-07-22 09:44 - 00000000 ____D C:\AdwCleaner
2015-07-22 09:33 - 2015-07-22 09:32 - 02248704 _____ C:\Users\Jerry\Desktop\AdwCleaner.exe
2015-07-22 09:32 - 2015-07-22 09:32 - 02248704 _____ C:\Users\Jerry\Downloads\AdwCleaner.exe
2015-07-20 17:42 - 2015-07-20 17:44 - 00022699 _____ C:\Users\Jerry\Desktop\Addition.txt
2015-07-20 17:41 - 2015-07-22 09:57 - 00007490 _____ C:\Users\Jerry\Desktop\FRST.txt
2015-07-20 17:39 - 2015-07-20 17:37 - 01638912 _____ (Farbar) C:\Users\Jerry\Desktop\FRST.exe
2015-07-20 17:38 - 2015-07-22 09:56 - 00000000 ____D C:\FRST
2015-07-20 17:37 - 2015-07-20 17:37 - 01638912 _____ (Farbar) C:\Users\Jerry\Downloads\FRST.exe
2015-07-20 12:11 - 2015-07-20 12:11 - 00000000 ____D C:\Users\Jerry\AppData\Local\LogMeIn Rescue Applet
2015-07-09 08:00 - 2015-07-20 17:32 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 09:57 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:57 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:50 - 2015-03-26 09:38 - 01461136 _____ C:\Windows\WindowsUpdate.log
2015-07-22 09:45 - 2015-03-28 08:28 - 00000000 ____D C:\Users\Jerry\Tracing
2015-07-22 09:45 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 09:45 - 2009-07-13 23:39 - 00030634 _____ C:\Windows\setupact.log
2015-07-22 09:33 - 2015-03-26 10:05 - 00000177 ____H C:\dvmexp.idx
2015-07-22 09:05 - 2015-04-02 08:35 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForJerry.job
2015-07-20 17:39 - 2009-07-24 11:11 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 17:32 - 2015-04-10 09:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-20 17:32 - 2015-03-28 09:01 - 00175136 _____ C:\Windows\PFRO.log
2015-07-16 09:09 - 2015-04-02 08:34 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-07-16 09:07 - 2015-04-02 08:32 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2015-03-26 08:39 - 2015-07-22 09:45 - 0000188 _____ () C:\ProgramData\HPWALog.txt
2015-03-26 09:51 - 2015-03-26 09:51 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-28 16:53 - 2009-08-28 16:54 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-03-26 09:50 - 2015-03-26 09:50 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-28 16:48 - 2009-08-28 16:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

Some files in TEMP:
====================
C:\Users\Jerry\AppData\Local\Temp\Quarantine.exe
C:\Users\Jerry\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-18 08:59

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Jerry at 2015-07-22 09:57:58
Running from C:\Users\Jerry\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-726285506-2730714665-1725698905-500 - Administrator - Disabled)
Guest (S-1-5-21-726285506-2730714665-1725698905-501 - Limited - Disabled)
Jerry (S-1-5-21-726285506-2730714665-1725698905-1000 - Administrator - Enabled) => C:\Users\Jerry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Instant Web (HKLM\...\{53F08287-443D-4FC0-B74D-1169B6B9A71C}) (Version: 1.0.5.0 - DeviceVM, Inc.)
HP QuickSync (HKLM\...\{EEA95E6C-6847-49BE-83C9-ED92D8E18983}) (Version: 5.1.234.4788 - Hewlett-Packard)
HP Setup (HKLM\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0166 (HKLM\...\{11B7161D-3461-40CD-B31F-84065AC84A4E}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java™ 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-726285506-2730714665-1725698905-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerRecover (Version: 5.5.1923 - CyberLink Corp.) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

07-04-2015 12:06:59 Windows Live Essentials
07-04-2015 12:08:25 Windows Update
07-04-2015 12:09:20 Windows Update
07-04-2015 12:13:06 Windows Update
07-04-2015 12:16:06 Installed DirectX
07-04-2015 12:16:42 Installed DirectX
07-04-2015 12:17:15 Installed DirectX
07-04-2015 12:19:10 WLSetup
14-04-2015 17:06:13 Windows Update
14-04-2015 17:14:21 Windows Update
14-04-2015 17:18:28 Windows Update
14-04-2015 17:24:56 Windows Update
16-04-2015 07:51:22 Windows Update
17-04-2015 08:35:06 Windows Update
17-04-2015 08:51:33 Restore Operation
18-04-2015 08:45:12 Windows Update
12-05-2015 08:17:15 Windows Update
16-05-2015 08:24:22 Windows Update
22-07-2015 09:49:08 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0492DB6A-934D-4805-A537-8BFE4390DD14} - System32\Tasks\HPCeeScheduleForJerry => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {0564D5CC-33C1-41DE-83FD-0D2BE5C96F54} - System32\Tasks\RMCreator => C:\Program Files\Hewlett-Packard\Recovery\Reminder.exe [2009-07-23] (CyberLink)
Task: {6943A436-F5BE-442D-A35C-09A17BABE3CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-07-15] (Microsoft)
Task: {C428398B-6682-4891-B086-ABD962EC66A1} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {CCC427C9-E415-4C1C-B5E8-A458E4E0D1F6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {D1A91A7F-30A8-496A-A415-CFD482EF79D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-07-15] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForJerry.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-01-16 17:40 - 2009-11-20 14:42 - 02359296 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hpm1210su.dll
2011-01-16 17:40 - 2009-11-20 15:06 - 00794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HPM1210GC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A6690AC8-C5C3-44FF-93CA-A029AF259B49}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D95343FA-3605-4AF8-8291-7BD511EA18EE}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{00937FBC-BCE3-4577-99CC-22EF5CD8D27C}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{71312F49-E994-4245-9F66-96420ECDF4F9}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{2E552370-0C5F-4AA4-AFCC-2AF2E923C94C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{19F3C54F-AAB0-49DB-8F53-F70FF2CF7D99}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7929FF89-7289-472D-ABB9-D6ACD86A31BA}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{AD8F6E8F-FF23-42F1-8D9D-1FD00BA324B7}] => (Allow) C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{15EE0A24-C748-4EDF-9B56-AA78FC8ACBF1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1F982A56-7206-457F-AA76-84D3AC1D9B99}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BD77C1F6-3EE9-42E8-A5F9-25800B8A0FAF}] => (Allow) LPort=2869
FirewallRules: [{218CE8A8-39C9-4AE6-99AE-8AD96F5A4AFC}] => (Allow) LPort=1900
FirewallRules: [{3B747ED0-90CE-41DE-82AF-CBC143543A2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BD38B643-A13B-4E89-8647-A2AC4F2E33E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hphc_service.exe, version: 3.1.7.1, time stamp: 0x4a564c5d
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae
Exception code: 0xe053534f
Fault offset: 0x00009617
Faulting process id: 0x%9
Faulting application start time: 0xhphc_service.exe0
Faulting application path: hphc_service.exe1
Faulting module path: hphc_service.exe2
Report Id: hphc_service.exe3

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (06/18/2015 08:59:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/15/2015 06:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6217.0, time stamp: 0x4a490222
Faulting module name: stapi32.dll, version: 1.0.6217.0, time stamp: 0x4a490151
Exception code: 0xc0000005
Fault offset: 0x0003e635
Faulting process id: 0x400
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (04/07/2015 12:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (04/07/2015 12:08:05 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: Application or service 'Windows Live Messenger' could not be shut down.

Error: (04/03/2015 12:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d8

Start Time: 01d06e2dba53d277

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/03/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 114c

Start Time: 01d06e1a5fe186e6

Termination Time: 62

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: b503f01a-da0f-11e4-9618-002655c8dc8a

System errors:
=============
Error: (07/22/2015 09:50:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/22/2015 09:50:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/22/2015 09:50:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/22/2015 09:50:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2015 09:50:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/22/2015 09:50:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2015 09:50:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2015 09:50:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2015 09:44:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (07/22/2015 09:44:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Microsoft Office:
=========================
Error: (07/08/2015 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hphc_service.exe3.1.7.14a564c5dKERNELBASE.dll6.1.7600.163854a5bdaaee053534f00009617

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (06/18/2015 08:59:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/15/2015 06:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV.exe1.0.6217.04a490222stapi32.dll1.0.6217.04a490151c00000050003e63540001d077d39dc796bbC:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exeC:\Windows\system32\stapi32.dlle6dcda0b-e3c6-11e4-b7f3-002655c8dc8a

Error: (04/07/2015 12:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: 1C:\Program Files\Internet Explorer\iexplore.exeInternet Explorer0211723880

Error: (04/07/2015 12:08:05 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: 1C:\Program Files\Windows Live\Messenger\msnmsgr.exeWindows Live Messenger0211722000

Error: (04/03/2015 12:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.1638517d801d06e2dba53d27731C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/03/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.16385114c01d06e1a5fe186e662C:\Program Files\Internet Explorer\iexplore.exeb503f01a-da0f-11e4-9618-002655c8dc8a

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 30%
Total physical RAM: 2039.3 MB
Available physical RAM: 1412.2 MB
Total Virtual: 4078.61 MB
Available Virtual: 3360.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.47 GB) (Free:108.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.38 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: CD68444D)
Partition 1: (Not Active) - (Size=137.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=201 MB) - (Type=07 NTFS)

==================== End of log ============================

#4
RKinner

Posted 22 July 2015 - 09:22 AM

Malware Expert

Expert
24,625 posts

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 14
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

Your adobe flash and adobe reader also need to be up dated. Make sure you uncheck the Optional stuff. I think they are foisting McAfee Security Scam this week.

You really need an anti-virus. Avast, Avira, AVG, or even Microsoft Security Essentials. All have free versions.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

Are you still seeing your popup?

#5
jerrypowell

Posted 22 July 2015 - 03:46 PM

New Member

Topic Starter
Member
8 posts

Haven't seen the popup during these sessions or since we began.

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Jerry at 2015-07-22 16:24:47 Run:1
Running from C:\Users\Jerry\Desktop
Loaded Profiles: Jerry (Available Profiles: Jerry)
Boot Mode: Normal

==============================================

fixlist content:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
EmptyTemp:

*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
RSUSBSTOR => Service removed successfully.
RtsUIR => Service removed successfully.
USBCCID => Service removed successfully.
EmptyTemp: => 800 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:30:40 ====

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Jerry at 2015-07-22 16:37:46
Running from C:\Users\Jerry\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-726285506-2730714665-1725698905-500 - Administrator - Disabled)
Guest (S-1-5-21-726285506-2730714665-1725698905-501 - Limited - Disabled)
Jerry (S-1-5-21-726285506-2730714665-1725698905-1000 - Administrator - Enabled) => C:\Users\Jerry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.21.0 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Instant Web (HKLM\...\{53F08287-443D-4FC0-B74D-1169B6B9A71C}) (Version: 1.0.5.0 - DeviceVM, Inc.)
HP QuickSync (HKLM\...\{EEA95E6C-6847-49BE-83C9-ED92D8E18983}) (Version: 5.1.234.4788 - Hewlett-Packard)
HP Setup (HKLM\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0166 (HKLM\...\{11B7161D-3461-40CD-B31F-84065AC84A4E}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-726285506-2730714665-1725698905-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerRecover (Version: 5.5.1923 - CyberLink Corp.) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-726285506-2730714665-1725698905-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0492DB6A-934D-4805-A537-8BFE4390DD14} - System32\Tasks\HPCeeScheduleForJerry => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {0564D5CC-33C1-41DE-83FD-0D2BE5C96F54} - System32\Tasks\RMCreator => C:\Program Files\Hewlett-Packard\Recovery\Reminder.exe [2009-07-23] (CyberLink)
Task: {6943A436-F5BE-442D-A35C-09A17BABE3CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-07-15] (Microsoft)
Task: {751F66E9-F90E-42C9-9E29-04F1F2662A8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-22] (Google Inc.)
Task: {9F9671FB-220B-46A8-ADA4-B241CFB73D64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {C428398B-6682-4891-B086-ABD962EC66A1} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {CCC427C9-E415-4C1C-B5E8-A458E4E0D1F6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {D1A91A7F-30A8-496A-A415-CFD482EF79D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-07-15] (Microsoft)
Task: {D22258A8-DAE3-408A-8D94-5B94A638004E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-22] (Google Inc.)
Task: {FFF77892-BC51-4812-9BCF-E9972573984E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-22] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJerry.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-22 16:15 - 2015-07-22 16:15 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-22 16:15 - 2015-07-22 16:15 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-22 16:15 - 2015-07-22 16:15 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072201\algo.dll
2009-08-28 15:04 - 2009-03-30 18:02 - 00319488 _____ () C:\Program Files\HP\HPBTWD.exe
2015-07-22 16:15 - 2015-07-22 16:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A6690AC8-C5C3-44FF-93CA-A029AF259B49}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D95343FA-3605-4AF8-8291-7BD511EA18EE}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{00937FBC-BCE3-4577-99CC-22EF5CD8D27C}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{71312F49-E994-4245-9F66-96420ECDF4F9}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{2E552370-0C5F-4AA4-AFCC-2AF2E923C94C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{19F3C54F-AAB0-49DB-8F53-F70FF2CF7D99}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7929FF89-7289-472D-ABB9-D6ACD86A31BA}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{AD8F6E8F-FF23-42F1-8D9D-1FD00BA324B7}] => (Allow) C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{15EE0A24-C748-4EDF-9B56-AA78FC8ACBF1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1F982A56-7206-457F-AA76-84D3AC1D9B99}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BD77C1F6-3EE9-42E8-A5F9-25800B8A0FAF}] => (Allow) LPort=2869
FirewallRules: [{218CE8A8-39C9-4AE6-99AE-8AD96F5A4AFC}] => (Allow) LPort=1900
FirewallRules: [{3B747ED0-90CE-41DE-82AF-CBC143543A2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BD38B643-A13B-4E89-8647-A2AC4F2E33E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{18647292-BB43-4808-8AC5-CA042FBC6AC3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C032F08-9159-476B-A283-32A7F31BB585}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C7CDF9F0-C233-4C9A-95A0-2A95A2BBE85D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hphc_service.exe, version: 3.1.7.1, time stamp: 0x4a564c5d
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae
Exception code: 0xe053534f
Fault offset: 0x00009617
Faulting process id: 0x%9
Faulting application start time: 0xhphc_service.exe0
Faulting application path: hphc_service.exe1
Faulting module path: hphc_service.exe2
Report Id: hphc_service.exe3

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (06/18/2015 08:59:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/15/2015 06:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6217.0, time stamp: 0x4a490222
Faulting module name: stapi32.dll, version: 1.0.6217.0, time stamp: 0x4a490151
Exception code: 0xc0000005
Fault offset: 0x0003e635
Faulting process id: 0x400
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (04/07/2015 12:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (04/07/2015 12:08:05 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: Application or service 'Windows Live Messenger' could not be shut down.

Error: (04/03/2015 12:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d8

Start Time: 01d06e2dba53d277

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/03/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 114c

Start Time: 01d06e1a5fe186e6

Termination Time: 62

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: b503f01a-da0f-11e4-9618-002655c8dc8a

System errors:
=============
Error: (07/22/2015 04:31:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (07/22/2015 04:31:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (07/22/2015 04:31:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (07/22/2015 04:31:11 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/22/2015 04:31:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/22/2015 04:31:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (07/22/2015 03:56:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (07/22/2015 10:06:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (07/22/2015 09:50:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/22/2015 09:50:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (07/08/2015 10:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hphc_service.exe3.1.7.14a564c5dKERNELBASE.dll6.1.7600.163854a5bdaaee053534f00009617

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (06/19/2015 08:03:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (06/18/2015 08:59:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/15/2015 06:26:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV.exe1.0.6217.04a490222stapi32.dll1.0.6217.04a490151c00000050003e63540001d077d39dc796bbC:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exeC:\Windows\system32\stapi32.dlle6dcda0b-e3c6-11e4-b7f3-002655c8dc8a

Error: (04/07/2015 12:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: 1C:\Program Files\Internet Explorer\iexplore.exeInternet Explorer0211723880

Error: (04/07/2015 12:08:05 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Netbook)
Description: 1C:\Program Files\Windows Live\Messenger\msnmsgr.exeWindows Live Messenger0211722000

Error: (04/03/2015 12:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.1638517d801d06e2dba53d27731C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/03/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.16385114c01d06e1a5fe186e662C:\Program Files\Internet Explorer\iexplore.exeb503f01a-da0f-11e4-9618-002655c8dc8a

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 35%
Total physical RAM: 2039.3 MB
Available physical RAM: 1322.52 MB
Total Virtual: 4078.61 MB
Available Virtual: 3060.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.47 GB) (Free:114.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.38 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: CD68444D)
Partition 1: (Not Active) - (Size=137.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=201 MB) - (Type=07 NTFS)

==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Jerry (administrator) on NETBOOK on 22-07-2015 16:35:33
Running from C:\Users\Jerry\Desktop
Loaded Profiles: Jerry (Available Profiles: Jerry)
Platform: Microsoft Windows 7 Starter (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\HP\HPBTWD.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [HP BTW Detect Program] => C:\Program Files\HP\HPBTWD.exe [319488 2009-03-30] ()
HKLM\...\Run: [HP] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-14] (Hewlett-Packard)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-22] (AVAST Software)
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-22] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-726285506-2730714665-1725698905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-726285506-2730714665-1725698905-1000 -> {89022F4C-44A1-4FDE-A12D-C4835266CC16} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15282BC9-16C7-4973-A340-1A028C6CA4DB}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\3qcdoozm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://news.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-03-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-22]

Chrome:
=======
CHR Profile: C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-22]
CHR Extension: (Docs) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-22]
CHR Extension: (Google Drive) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-22]
CHR Extension: (YouTube) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-22]
CHR Extension: (Google Search) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-22]
CHR Extension: (Avast Online Security) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-22] (Avast Software)
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-22] (AVAST Software)
R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-22] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-22] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 16:17 - 2015-07-22 16:18 - 00000000 ____D C:\Windows\system32\vbox
2015-07-22 16:17 - 2015-07-22 16:17 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-22 16:17 - 2015-07-22 16:17 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\AVAST Software
2015-07-22 16:17 - 2015-07-22 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-22 16:16 - 2015-07-22 16:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 16:16 - 2015-07-22 16:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 16:16 - 2015-07-22 16:16 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-22 16:16 - 2015-07-22 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-22 16:15 - 2015-07-22 16:18 - 00000000 ____D C:\Users\Jerry\AppData\Local\Google
2015-07-22 16:15 - 2015-07-22 16:16 - 00000000 ____D C:\Program Files\Google
2015-07-22 16:15 - 2015-07-22 16:15 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-22 16:15 - 2015-07-22 16:15 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-22 16:15 - 2015-07-22 16:15 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-22 16:15 - 2015-07-22 16:15 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-22 16:12 - 2015-07-22 16:12 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-22 16:11 - 2015-07-22 16:11 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-22 16:10 - 2015-07-22 16:11 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Jerry\Downloads\avast_free_antivirus_setup_online.exe
2015-07-22 16:09 - 2015-07-22 16:09 - 00000000 ____D C:\Users\Jerry\AppData\Local\Macromedia
2015-07-22 16:08 - 2015-07-22 16:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-22 16:08 - 2015-07-22 16:08 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-22 16:08 - 2015-07-22 16:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-22 16:04 - 2015-07-22 16:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-22 16:04 - 2015-07-22 16:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-22 09:56 - 2015-07-22 09:56 - 00001605 _____ C:\Users\Jerry\Desktop\JRT.txt
2015-07-22 09:48 - 2015-07-22 09:47 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Jerry\Desktop\JRT.exe
2015-07-22 09:47 - 2015-07-22 09:47 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Jerry\Downloads\JRT.exe
2015-07-22 09:40 - 2015-07-22 09:44 - 00000000 ____D C:\AdwCleaner
2015-07-22 09:33 - 2015-07-22 09:32 - 02248704 _____ C:\Users\Jerry\Desktop\AdwCleaner.exe
2015-07-22 09:32 - 2015-07-22 09:32 - 02248704 _____ C:\Users\Jerry\Downloads\AdwCleaner.exe
2015-07-20 17:42 - 2015-07-22 09:59 - 00023224 _____ C:\Users\Jerry\Desktop\Addition.txt
2015-07-20 17:41 - 2015-07-22 16:35 - 00011502 _____ C:\Users\Jerry\Desktop\FRST.txt
2015-07-20 17:39 - 2015-07-20 17:37 - 01638912 _____ (Farbar) C:\Users\Jerry\Desktop\FRST.exe
2015-07-20 17:38 - 2015-07-22 16:35 - 00000000 ____D C:\FRST
2015-07-20 17:37 - 2015-07-20 17:37 - 01638912 _____ (Farbar) C:\Users\Jerry\Downloads\FRST.exe
2015-07-20 12:11 - 2015-07-20 12:11 - 00000000 ____D C:\Users\Jerry\AppData\Local\LogMeIn Rescue Applet
2015-07-09 08:00 - 2015-07-22 15:59 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 16:35 - 2015-03-26 09:38 - 01469898 _____ C:\Windows\WindowsUpdate.log
2015-07-22 16:33 - 2015-03-28 08:28 - 00000000 ____D C:\Users\Jerry\Tracing
2015-07-22 16:32 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 16:32 - 2009-07-13 23:39 - 00030690 _____ C:\Windows\setupact.log
2015-07-22 16:31 - 2015-03-28 09:01 - 00176390 _____ C:\Windows\PFRO.log
2015-07-22 16:19 - 2015-03-26 08:26 - 00000000 ____D C:\Users\Jerry\AppData\Local\VirtualStore
2015-07-22 16:09 - 2015-04-03 11:55 - 00000000 ____D C:\Users\Jerry\AppData\Local\Adobe
2015-07-22 16:08 - 2009-08-28 16:35 - 00000000 ____D C:\Program Files\Adobe
2015-07-22 16:07 - 2009-08-28 16:36 - 00000000 ____D C:\ProgramData\Adobe
2015-07-22 15:57 - 2015-04-02 08:32 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\HpUpdate
2015-07-22 09:57 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:57 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:33 - 2015-03-26 10:05 - 00000177 ____H C:\dvmexp.idx
2015-07-22 09:05 - 2015-04-02 08:35 - 00000322 _____ C:\Windows\Tasks\HPCeeScheduleForJerry.job
2015-07-20 17:39 - 2009-07-24 11:11 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 17:32 - 2015-04-10 09:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-16 09:09 - 2015-04-02 08:34 - 00000052 _____ C:\Windows\system32\DOErrors.log

==================== Files in the root of some directories =======

2015-03-26 08:39 - 2015-07-22 16:33 - 0000188 _____ () C:\ProgramData\HPWALog.txt
2015-03-26 09:51 - 2015-03-26 09:51 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-28 16:53 - 2009-08-28 16:54 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-03-26 09:50 - 2015-03-26 09:50 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-28 16:48 - 2009-08-28 16:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-18 08:59

==================== End of log ============================

#6
jerrypowell

Posted 26 July 2015 - 06:29 PM

New Member

Topic Starter
Member
8 posts

Does it look like my problem is solved? If so, thank you very much.

#7
RKinner

Posted 26 July 2015 - 08:28 PM

Malware Expert

Expert
24,625 posts

Your logs look clean. If you are not seeing the problem then I guess you are good to go.

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

Remove all but the last restore point:

    Open Disk Cleanup by clicking the Start button Picture of the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

    If prompted, select the drive that you want to clean up, and then click OK.

    In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    If prompted, select the drive that you want to clean up, and then click OK.

    Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

    In the Disk Cleanup dialog box, click Delete.

    Click Delete Files, and then click OK.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/vulnerability_scanning/personal/download_psi/ Same kind of info. You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.combefore you open them.

Due to a recent rise in the number of Crytolocker infections I am recommending you consider installing:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while. If you have problems after installing it you can just uninstall it the usual way.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.htmland http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron