1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

[Solved] Bogus MS Support ?

Discussion in 'Malware Removal Help' started by bettydee, Sep 24, 2015.

  1. bettydee

    bettydee

    Joined:
    Sep 24, 2015
    Messages:
    5
    Operating System:
    Windows 7
    My computer locked up with flashing msg to call a toll free MS # because of hacker/virus. Gentleman took control of PC and breezed thru several items. Said there were potential hacker/damaged files/corruption. I told him I could get help elsewhere and left the call.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/24/2015
    Scan Time: 4:11 PM
    Logfile:
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.24.04
    Rootkit Database: v2015.09.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Betty

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 316408
    Time Elapsed: 25 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.ResultsHub, C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_resultshub-a.akamaihd.net_0.localstorage, , [654fad863f4c3600b07f18a02dd751af],
    PUP.Optional.ResultsHub, C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_resultshub-a.akamaihd.net_0.localstorage-journal, , [8331161ded9e38febc7305b331d3c937],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
    Ran by Betty (administrator) on BETTY-PC (24-09-2015 17:05:16)
    Running from C:\Users\Betty\Desktop
    Loaded Profiles: Betty (Available Profiles: Betty)
    Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\stacsv.exe
    (Stardock Corporation) C:\Program Files\Stardock\MyColors\VistaSrv.exe
    () C:\Program Files\Stardock\MyColors\WBVista.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe
    (DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    () C:\Program Files\HP\HPBTWD.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
    (Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [HP BTW Detect Program] => C:\Program Files\HP\HPBTWD.exe [319488 2009-03-30] ()
    HKLM\...\Run: [HP] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-14] (Hewlett-Packard)
    HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4939800 2015-08-20] (Emsisoft Ltd)
    HKU\S-1-5-21-141951686-3695902509-2952561558-1000\...\Run: [Desktop Software] => C:\Program Files\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
    HKU\S-1-5-21-141951686-3695902509-2952561558-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-10] (Google Inc.)
    HKU\S-1-5-21-141951686-3695902509-2952561558-1000\...\Run: [EPSON Stylus CX7400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [179200 2007-02-15] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-141951686-3695902509-2952561558-1000\...\Policies\system: [WallpaperStyle] 2
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-29] (Microsoft Corporation)
    HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk [2010-02-03]
    ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files\Stardock\MyColors\SDDelayedLaunch.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{0B159908-31F0-4A49-A828-8F1CE0DD299F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{8AF1CDBA-2944-43A6-B4CE-14FCCE6096E8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {9014C526-1F39-4EEC-98DC-F4A13261949A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-141951686-3695902509-2952561558-1000 -> DefaultScope {9014C526-1F39-4EEC-98DC-F4A13261949A} URL =
    SearchScopes: HKU\S-1-5-21-141951686-3695902509-2952561558-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-141951686-3695902509-2952561558-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    FireFox:
    ========
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-03-20] (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File]
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Profile: C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17]
    CHR Extension: (Google Docs) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
    CHR Extension: (Google Drive) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
    CHR Extension: (YouTube) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
    CHR Extension: (Google Search) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
    CHR Extension: (Google Sheets) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17]
    CHR Extension: (Google Docs Offline) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Gmail) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-20] (Emsisoft Ltd)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
    S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
    R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    R2 WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [230704 2009-06-09] (Stardock Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.)
    R1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114072 2015-08-07] (Emsisoft GmbH)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-24 17:05 - 2015-09-24 17:05 - 00013392 _____ C:\Users\Betty\Desktop\FRST.txt
    2015-09-24 17:03 - 2015-09-24 17:05 - 00000000 ____D C:\FRST
    2015-09-24 16:59 - 2015-09-24 16:59 - 01695744 _____ (Farbar) C:\Users\Betty\Desktop\FRST.exe
    2015-09-24 14:57 - 2015-09-24 14:57 - 00000000 ____D C:\Users\Betty\AppData\Roaming\TeamViewer
    2015-09-22 15:33 - 2015-09-22 15:33 - 00849721 _____ C:\Users\Betty\Downloads\Andy's Friends Cat Rescue & Adoption.html
    2015-09-22 15:33 - 2015-09-22 15:33 - 00000000 ____D C:\Users\Betty\Downloads\Andy's Friends Cat Rescue & Adoption_files
    2015-09-22 15:28 - 2015-09-22 15:29 - 00000000 ____D C:\Users\Betty\Downloads\4th Annual _Dine out at Duffer's_ Fundraiser_files
    2015-09-22 15:28 - 2015-09-22 15:28 - 00520162 _____ C:\Users\Betty\Downloads\4th Annual _Dine out at Duffer's_ Fundraiser.html
    2015-09-14 18:58 - 2015-09-24 16:07 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-14 18:58 - 2015-09-14 18:58 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-14 18:58 - 2015-09-14 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-14 18:58 - 2015-09-14 18:58 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-09-14 18:58 - 2015-09-14 18:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-09-14 18:58 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-09-14 18:58 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-09-14 18:58 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-09-14 18:55 - 2015-09-14 18:55 - 00003090 _____ C:\Users\Betty\Desktop\JRT.txt
    2015-09-14 18:38 - 2015-09-09 14:11 - 01800104 _____ (Malwarebytes Corporation) C:\Users\Betty\Desktop\JRT_NEW.exe
    2015-09-14 11:08 - 2015-09-14 11:09 - 00003989 _____ C:\Users\Betty\Downloads\ContractExcelServlet
    2015-09-13 08:57 - 2015-09-13 08:57 - 00347816 _____ (Microsoft Corporation) C:\Users\Betty\Downloads\MicrosoftFixit.Printing.Run.exe
    2015-09-10 17:58 - 2015-09-10 17:58 - 00173354 _____ C:\Users\Betty\Downloads\Easy Hot Pizza Dip Recipe _ Taste of Home.html
    2015-09-10 17:58 - 2015-09-10 17:58 - 00000000 ____D C:\Users\Betty\Downloads\Easy Hot Pizza Dip Recipe _ Taste of Home_files

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-24 17:04 - 2014-03-01 17:33 - 00000177 ____H C:\dvmexp.idx
    2015-09-24 16:52 - 2015-08-24 15:45 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2015-09-24 16:51 - 2012-08-10 12:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-09-24 16:27 - 2012-08-10 12:20 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-24 16:23 - 2010-02-03 16:15 - 01459919 _____ C:\Windows\WindowsUpdate.log
    2015-09-24 16:22 - 2009-07-14 00:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-24 16:22 - 2009-07-14 00:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-24 15:27 - 2012-08-10 12:20 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-24 15:22 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-24 15:21 - 2009-07-14 00:39 - 00375241 _____ C:\Windows\setupact.log
    2015-09-23 15:27 - 2014-12-20 16:17 - 00000617 _____ C:\Users\Betty\Documents\Epson Stylus CX7450, Documents & Manuals - Technical Support - Epson America, Inc..website
    2015-09-21 19:17 - 2012-08-10 12:19 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-09-21 19:17 - 2012-08-10 12:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-09-19 17:18 - 2009-07-24 12:11 - 00788496 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-09-19 17:10 - 2010-07-16 22:19 - 00000052 _____ C:\Windows\system32\DOErrors.log
    2015-09-15 09:22 - 2010-07-02 21:11 - 00904752 _____ C:\Windows\PFRO.log
    2015-09-14 19:28 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\Performance
    2015-09-13 12:09 - 2011-11-10 10:18 - 00000000 ____D C:\Users\Betty\AppData\Local\CrashDumps
    2015-09-13 08:08 - 2012-08-10 12:20 - 00000000 ____D C:\Users\Betty\AppData\Local\Google
    2015-08-26 19:36 - 2009-07-14 00:53 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2011-01-04 20:30 - 2011-01-06 12:07 - 0001940 _____ () C:\Users\Betty\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    2010-06-23 07:37 - 2015-09-24 16:14 - 0000284 _____ () C:\ProgramData\HPWALog.txt
    2010-02-03 16:31 - 2010-02-03 16:31 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2009-09-08 17:08 - 2009-09-08 17:09 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-02-03 16:30 - 2010-02-03 16:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2009-09-08 17:03 - 2009-09-08 17:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

    Some files in TEMP:
    ====================
    C:\Users\Betty\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Betty\AppData\Local\Temp\SetupAC.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-19 14:29

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
    Ran by Betty (2015-09-24 17:06:50)
    Running from C:\Users\Betty\Desktop
    Microsoft Windows 7 Starter Service Pack 1 (X86) (2010-06-23 11:22:50)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-141951686-3695902509-2952561558-500 - Administrator - Disabled)
    Betty (S-1-5-21-141951686-3695902509-2952561558-1000 - Administrator - Enabled) => C:\Users\Betty
    Guest (S-1-5-21-141951686-3695902509-2952561558-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    ActiveCheck component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
    Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
    Comcast Desktop Software (v1.2.1) (HKLM\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
    CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products)
    HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP Instant Web (HKLM\...\{53F08287-443D-4FC0-B74D-1169B6B9A71C}) (Version: 1.0.5.3 - DeviceVM, Inc.)
    HP QuickSync (HKLM\...\{EEA95E6C-6847-49BE-83C9-ED92D8E18983}) (Version: 5.1.234.4788 - Hewlett-Packard)
    HP Setup (HKLM\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Support Assistant (HKLM\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard)
    HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0166 (HKLM\...\{11B7161D-3461-40CD-B31F-84065AC84A4E}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT)
    Install Converter (HKLM\...\Install Converter) (Version: 1.0 - Install Converter)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    LogonStudio (HKLM\...\{5C46518A-F797-4973-A257-F3F60F2FC61E}) (Version: 1.51.12 - Stardock)
    Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    Power2Go (Version: 6.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (Version: 5.5.1923 - CyberLink Corp.) Hidden
    Pro PC Cleaner (HKLM\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ATTENTION
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
    Results Hub (HKLM\...\Results Hub) (Version: 2.0.5714.21003 - Results Hub)
    Seesmic Social Networking (HKLM\...\{11AF93E6-F019-700D-DB09-E60896F44BD9}) (Version: 0.4 - Seesmic, Inc,)
    Stardock MyColors (HKLM\...\Stardock MyColors) (Version: 2.7 - Stardock Corporation)
    Stardock MyColors (Version: 2.7 - Stardock Corporation) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    12-08-2015 17:33:58 Windows Update
    19-08-2015 11:09:37 Windows Update
    14-09-2015 18:39:12 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0C7DD80D-EE2D-46C4-AFDC-ED83F4F227C8} - \ProPCCleaner_Start -> No File <==== ATTENTION
    Task: {0E7B91DF-1510-4DE0-BD7C-EB7471C280D8} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
    Task: {269D52DA-0DF8-49AB-9020-A218C942B77C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-09-08] (Microsoft)
    Task: {562A2061-017D-4C1B-BE94-8EAC69ED5957} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {584071E0-BC93-4104-986F-F1F966EE0351} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
    Task: {A8490A57-FB28-4E11-9AA3-EEB5BACE5E79} - \ProPCCleaner_Popup -> No File <==== ATTENTION
    Task: {B01AE497-82F0-4BB2-BDEA-6C64457F61D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {C6A0CD01-7F0C-4881-A01B-31DACF580CEB} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
    Task: {FB5CDE61-2ABE-409B-AE14-28CC2450648D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-09-08] (Microsoft)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2009-06-09 13:56 - 2009-06-09 13:56 - 00099632 _____ () C:\Program Files\Stardock\MyColors\WBVista.exe
    2009-09-08 15:22 - 2009-03-30 19:02 - 00319488 _____ () C:\Program Files\HP\HPBTWD.exe
    2009-07-01 18:44 - 2009-07-01 18:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    2014-04-12 10:24 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Betty\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2014-04-12 10:24 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Betty\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-141951686-3695902509-2952561558-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{69F61CD1-567D-4DEB-8640-082AE3CDF019}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{390D7346-ABA6-41E7-958E-1EB127D2A678}] => (Allow) svchost.exe
    FirewallRules: [TCP Query User{362B3AF8-CB05-404A-B46B-08A7C28E5F0A}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{5BC1464B-36B9-4D6D-97B3-8F127CFEA31B}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
    FirewallRules: [{7DDD0C0D-1F8D-4953-B03F-11CAC2D86636}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{3EAC80FF-0222-4636-AEED-6C852AAD4134}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A1C67ED7-B99E-498F-B050-1D0973C0CEE7}] => (Allow) LPort=2869
    FirewallRules: [{1BDAB6DA-2036-4540-AD9A-AF8244AB321F}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{ACFEBCF5-33C4-4FF8-8114-D269EB228997}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{C34BA603-B5DF-411A-BF8C-C1D95BCB1653}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
    FirewallRules: [{0B03EF27-61D3-4992-900B-386FB577C805}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DBB904CB-A154-48A5-BC80-50658BD8610E}] => (Allow) C:\Users\Betty\AppData\Local\Temp\7zS5E74.tmp\SymNRT.exe
    FirewallRules: [{5DB9A5BA-7EEE-4323-905A-EB33C12D50D5}] => (Allow) C:\Users\Betty\AppData\Local\Temp\7zS5E74.tmp\SymNRT.exe
    FirewallRules: [{F1DFEB5B-17EC-4C5E-9A7B-3A88D6AB252B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/14/2015 06:27:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1f10

    Start Time: 01d0ef3c71fb5a03

    Termination Time: 10

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (09/13/2015 12:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: E_FARNCDA.EXE, version: 5.0.1.0, time stamp: 0x45f4fd2c
    Faulting module name: E_FAPRCDA.DLL, version: 6.0.0.0, time stamp: 0x45f502ce
    Exception code: 0xc0000005
    Fault offset: 0x00034765
    Faulting process id: 0x1094
    Faulting application start time: 0xE_FARNCDA.EXE0
    Faulting application path: E_FARNCDA.EXE1
    Faulting module path: E_FARNCDA.EXE2
    Report Id: E_FARNCDA.EXE3

    Error: (09/05/2015 05:13:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_AfterUpgradingToWindows10.exe, version: 1.0.0.1, time stamp: 0x55b04538
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0038031c
    Faulting process id: 0x1224
    Faulting application start time: 0xDetect_AfterUpgradingToWindows10.exe0
    Faulting application path: Detect_AfterUpgradingToWindows10.exe1
    Faulting module path: Detect_AfterUpgradingToWindows10.exe2
    Report Id: Detect_AfterUpgradingToWindows10.exe3

    Error: (09/05/2015 05:13:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_AntiVirusDefenderB.exe, version: 1.0.1.6, time stamp: 0x553a6ea4
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00710343
    Faulting process id: 0x17ec
    Faulting application start time: 0xDetect_AntiVirusDefenderB.exe0
    Faulting application path: Detect_AntiVirusDefenderB.exe1
    Faulting module path: Detect_AntiVirusDefenderB.exe2
    Report Id: Detect_AntiVirusDefenderB.exe3

    Error: (09/05/2015 05:13:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_AntiVirusDefenderA.exe, version: 1.0.1.6, time stamp: 0x553a6e15
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00640343
    Faulting process id: 0xd18
    Faulting application start time: 0xDetect_AntiVirusDefenderA.exe0
    Faulting application path: Detect_AntiVirusDefenderA.exe1
    Faulting module path: Detect_AntiVirusDefenderA.exe2
    Report Id: Detect_AntiVirusDefenderA.exe3

    Error: (09/05/2015 05:13:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_AntiVirusNoAV_B.exe, version: 1.0.1.7, time stamp: 0x55ae6a2b
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00440343
    Faulting process id: 0x1030
    Faulting application start time: 0xDetect_AntiVirusNoAV_B.exe0
    Faulting application path: Detect_AntiVirusNoAV_B.exe1
    Faulting module path: Detect_AntiVirusNoAV_B.exe2
    Report Id: Detect_AntiVirusNoAV_B.exe3

    Error: (09/05/2015 05:13:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_RecoveryDiscReminder_V2.exe, version: 1.0.0.4, time stamp: 0x55b8d7e0
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0047031c
    Faulting process id: 0x1264
    Faulting application start time: 0xDetect_RecoveryDiscReminder_V2.exe0
    Faulting application path: Detect_RecoveryDiscReminder_V2.exe1
    Faulting module path: Detect_RecoveryDiscReminder_V2.exe2
    Report Id: Detect_RecoveryDiscReminder_V2.exe3

    Error: (09/05/2015 05:13:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_AntiVirusNoAV_A.exe, version: 1.0.1.7, time stamp: 0x55ae69f2
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x005f0343
    Faulting process id: 0xc64
    Faulting application start time: 0xDetect_AntiVirusNoAV_A.exe0
    Faulting application path: Detect_AntiVirusNoAV_A.exe1
    Faulting module path: Detect_AntiVirusNoAV_A.exe2
    Report Id: Detect_AntiVirusNoAV_A.exe3

    Error: (09/05/2015 05:13:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Detect_AntiVirusDefenderB.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException
    Stack:
    at Detect_AntiVirusDefenderB.Program.Main(System.String[])

    Error: (09/05/2015 05:13:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Detect_AfterUpgradingToWindows10.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException
    Stack:
    at Detect_AfterUpgradingToWindows10.Program.Main(System.String[])


    System errors:
    =============
    Error: (09/24/2015 03:24:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894.

    Error: (09/24/2015 03:24:21 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
    Description: The BITS service failed to start. Error 2147942402.

    Error: (09/24/2015 02:51:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894.

    Error: (09/24/2015 02:51:54 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
    Description: The BITS service failed to start. Error 2147942402.

    Error: (09/24/2015 02:49:22 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 2:47:19 PM on ‎9/‎24/‎2015 was unexpected.

    Error: (09/24/2015 02:30:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894.

    Error: (09/24/2015 02:30:59 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
    Description: The BITS service failed to start. Error 2147942402.

    Error: (09/24/2015 09:55:03 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894.

    Error: (09/24/2015 09:55:03 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
    Description: The BITS service failed to start. Error 2147942402.

    Error: (09/24/2015 09:54:33 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894.


    ==================== Memory info ===========================

    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Percentage of memory in use: 58%
    Total physical RAM: 2039.3 MB
    Available physical RAM: 837.58 MB
    Total Virtual: 4078.61 MB
    Available Virtual: 2375.94 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:137.98 GB) (Free:98.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:10.87 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 1A7D43FC)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    ==================== End of FRST.txt ============================

    # AdwCleaner v5.008 - Logfile created 24/09/2015 at 17:15:04
    # Updated 18/09/2015 by Xplode
    # Database : 2015-09-23.1 [Server]
    # Operating system : Windows 7 Starter Service Pack 1 (x86)
    # Username : Betty - BETTY-PC
    # Running from : C:\Users\Betty\Desktop\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\ProgramData\Ascentive
    Folder Found : C:\ProgramData\{507FE354-739F-4BBE-9F9F-4DA4538EDEA3}
    Folder Found : C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}

    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\DeviceVM

    ***** [ Web browsers ] *****

    [C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    [C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
    [C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1213 bytes] ##########
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Betty

    Well done.... that's the right thing to do. :)

    Step 1

    You have only run a scan with AdwCleaner.... let's finish the process.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Cleaning button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[C*].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Step 2
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

    2cf1672fdd2151dad6f349c704143429.png

    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 3
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 8 Update 60 and save it to your desktop.
    • Scroll down to where it says "Java SE 8 Update 60".
    • Click the "Download JRE " button.
    • Accept the license agreement.
    • select 'Windows x86'offline from the list.
    • Save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on downloaded icon to install the newest version.


    In your next reply, please submit:
    AdwCleaner[C*].txt
    fixlog.txt


    Thanks.
     

    Attached Files:

  3. bettydee

    bettydee

    Joined:
    Sep 24, 2015
    Messages:
    5
    Operating System:
    Windows 7
    Thanks

    # AdwCleaner v5.008 - Logfile created 26/09/2015 at 09:22:50
    # Updated 18/09/2015 by Xplode
    # Database : 2015-09-23.1 [Server]
    # Operating system : Windows 7 Starter Service Pack 1 (x86)
    # Username : Betty - BETTY-PC
    # Running from : C:\Users\Betty\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\DeviceVM

    ***** [ Web browsers ] *****


    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [658 bytes] ##########


    Fix result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
    Ran by Betty (2015-09-26 15:23:42) Run:1
    Running from C:\Users\Betty\Desktop
    Loaded Profiles: Betty (Available Profiles: Betty)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [] => [X]
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-141951686-3695902509-2952561558-1000 -> DefaultScope {9014C526-1F39-4EEC-98DC-F4A13261949A} URL =
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    C:\Users\Betty\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Betty\AppData\Local\Temp\SetupAC.exe
    Task: {0C7DD80D-EE2D-46C4-AFDC-ED83F4F227C8} - \ProPCCleaner_Start -> No File <==== ATTENTION
    Task: {A8490A57-FB28-4E11-9AA3-EEB5BACE5E79} - \ProPCCleaner_Popup -> No File <==== ATTENTION
    FirewallRules: [{DBB904CB-A154-48A5-BC80-50658BD8610E}] => (Allow) C:\Users\Betty\AppData\Local\Temp\7zS5E74.tmp\SymNRT.exe
    FirewallRules: [{5DB9A5BA-7EEE-4323-905A-EB33C12D50D5}] => (Allow) C:\Users\Betty\AppData\Local\Temp\7zS5E74.tmp\SymNRT.exe
    CMD: ipconfig /flushdns
    EmptyTemp:
    Hosts:
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\S-1-5-21-141951686-3695902509-2952561558-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    RSUSBSTOR => service removed successfully.
    RtsUIR => service removed successfully.
    USBCCID => service removed successfully.
    C:\Users\Betty\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
    C:\Users\Betty\AppData\Local\Temp\SetupAC.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C7DD80D-EE2D-46C4-AFDC-ED83F4F227C8}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C7DD80D-EE2D-46C4-AFDC-ED83F4F227C8}" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8490A57-FB28-4E11-9AA3-EEB5BACE5E79}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8490A57-FB28-4E11-9AA3-EEB5BACE5E79}" => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBB904CB-A154-48A5-BC80-50658BD8610E} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DB9A5BA-7EEE-4323-905A-EB33C12D50D5} => value removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 532.9 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 15:24:43 ====
     
  4. bettydee

    bettydee

    Joined:
    Sep 24, 2015
    Messages:
    5
    Operating System:
    Windows 7
    Also updated Java successfully. Thanks,
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Betty,

    Sorry I couldn't reply lastnight.
    England v Wales is a big occasion in our house ( I'm English, The Wife is Welsh lol ) so everything stops for that. :)

    Fix report looks good..... everything ran ok.

    It's interesting that AdwCleaner didn't find the same things when the last scan and clean was performed.
    Did you run any other security cleaning program in between the 2 AdwCleaner scans?

    Emsisoft can be set to guard against PuP's.... can you check your settings to make sure that the settings are correct for PuP detection.

    Right click on the Emsisoft Icon ( it'll be in the hidden icons section of the Taskbar) and select Security Overview

    e4916ccf74dc79521b02a9b4869e0cf6.png

    Now select Protection >> File Guard.
    Make sure that your settings are the same as mine for the PuP's.

    e39ccb80d2ef692f8cc4f988fdc0ac53.jpg


    Let's double check everything now:

    I'd like you to do an ESET OnlineScan

    You may find it beneficial to close your resident AV program before running the scan.

    It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology

    9be2a7734ccc4d2fa4b41730731e62da.png

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the 46f7f10744e13506f4483b26b7c0b744.png button.
    • If asked, allow the activex control to install
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [​IMG] to download the ESET Smart Installer.
        Save it to your desktop.
      • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Click [​IMG], and save the file to your desktop using a unique name, such as ESETScan.
      Include the contents of this report in your next reply.
    • Click the [​IMG] button.
    • Click [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


    In your next reply, please submit:
    Eset scan report if anything is found.
    Also let me know how the system is running.... any problems?


    Thanks.
     
  6. bettydee

    bettydee

    Joined:
    Sep 24, 2015
    Messages:
    5
    Operating System:
    Windows 7
    Hello again and thank you.

    Here are the results of the final scan. Thanks again !

    C:\Users\Betty\Downloads\debutpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
    C:\Users\Betty\Downloads\debutsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
    C:\Users\Betty\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Betty,

    Those items are not malicious ... they have been quarantined because they contain adware.

    If the system is running ok, we can finish the cleaning process and remove the tools we have used.
    We'll also set you a fresh restore point.

    Step 1
    Restart MBAM.
    Click on the History tab >> Quarantine
    Tick to select all items (if any there ) and then click the Delete button.
    Close MBAM.


    Step 2
    Download Delfix and save it to your desktop.
    • Ensure Remove disinfection tools is checked.
    • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

      e784dacb6998c919c2f136ca95e82545.png
      .
    • Click the Run button.
    When the tool has finished, a log will open in notepad.... but i don't actually need this report


    Step 3

    Eset can be removed using the Remove Programs feature in Control Panel.

    Glad I was able to help.

    Safe surfing. 200636f9a90a19cb85ecf0ba93831af6.gif
     
  8. bettydee

    bettydee

    Joined:
    Sep 24, 2015
    Messages:
    5
    Operating System:
    Windows 7
    Hi Starbuck. Just wanted to stop by and drop a final 'Thank you very much' for all your help. I'm happily safe surfing !
     
  9. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    You are more than welcome.

    :thmbup:
     
    IceMan37 likes this.

Share This Page