Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do I fix non-working Explorer.exe on Startup?


  • This topic is locked This topic is locked
19 replies to this topic

#1 dmeret

dmeret

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 13 February 2015 - 04:41 PM

Hi,

 

I don't know the cause, however, recently my HP ProBook laptop will only show a black screen on startup. I have to open the Task Manager, end Explorer.exe, and run Explorer.exe from the Task Manager before anything will happen.

 

Another issue that I assume is related because of their proximity of their first occurrence is that every 30 minutes or so 3 files will open in a text editor from file location C:/Windows/System32/. These files start with a "{" and then many numbers and end with another "}". There is no text in the files.

 

Can anyone tell me why this is happening and how to fix it?

 

Thanks,

Dan



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:15 AM

Posted 13 February 2015 - 06:30 PM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 dmeret

dmeret
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 February 2015 - 01:25 PM

Hi,

 

I have attached the MiniToolBox results, Speccy snapshot, and an image of the files that automatically open in Notepad++.

 

Does this explain anything?

 

Thanks so much!

 

Pasted MTB log content into post - Hamluis.

MiniToolBox by Farbar  Version: 30-11-2014
Ran by HP (administrator) on 19-02-2015 at 10:18:27
Running from "C:\Users\HP\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:
==================
Error: (02/18/2015 10:03:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5788

 

Error: (02/18/2015 10:03:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5788

 

Error: (02/18/2015 10:03:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/18/2015 10:03:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995

 

Error: (02/18/2015 10:03:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995

 

Error: (02/18/2015 10:03:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/18/2015 10:03:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

 

Error: (02/18/2015 10:03:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

 

Error: (02/18/2015 10:03:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/18/2015 10:03:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

System errors:
=============
Error: (02/14/2015 01:58:53 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (02/13/2015 08:07:59 AM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/13/2015 08:07:59 AM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Monitor Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/13/2015 06:58:56 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

 

Error: (02/13/2015 06:58:51 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

 

Error: (02/13/2015 06:58:33 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

 

Error: (02/13/2015 06:45:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622).

 

Error: (02/13/2015 06:45:05 AM) (Source: DCOM) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

 

Error: (02/13/2015 06:44:41 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (02/13/2015 06:44:32 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Microsoft Office Sessions:
=========================
Error: (02/18/2015 10:03:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5788

 

Error: (02/18/2015 10:03:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5788

 

Error: (02/18/2015 10:03:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/18/2015 10:03:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995

 

Error: (02/18/2015 10:03:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995

 

Error: (02/18/2015 10:03:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/18/2015 10:03:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

 

Error: (02/18/2015 10:03:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

 

Error: (02/18/2015 10:03:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/18/2015 10:03:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

 

=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
AMD Accelerated Video Transcoding (Version: 13.10.100.30802 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0802.345.4821 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C4CB2534-82F4-F4AF-5767-9EE64EF9EB64}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.80802.0343 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.6.10 - AVG Technologies)
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3174 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3174 - Axure Software Solutions, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{474DFABF-E55B-4905-ABAA-40791A6AC77F}) (Version: 8.4.4.1859 - TechSmith Corporation)
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0802.345.4821 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0802.345.4821 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0802.345.4821 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0802.345.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0802.0344.4821 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0802.345.4821 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
Hewlett-Packard ACLM.NET v1.2.2.2 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
HP Client Security Manager (Version: 8.2.0.1663 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{7ED7BF91-D145-480A-B206-6891576F6935}) (Version: 4.6.12.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Device Access Manager (HKLM\...\{9F7FF800-8C11-4741-8D20-92E43CA02FD6}) (Version: 8.2.0.10 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
HP Drive Encryption (Version: 8.6.1.160 - Hewlett-Packard Company) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.5.12120 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{A3B64280-DE4C-40F0-86BB-CCB2A6056BA2}) (Version: 7.3.32.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
HP Theft Recovery (x32 Version: 8.2.0.9 - Hewlett-Packard Company) Hidden
HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.2.15.16418 - CryptoMill Technologies)
HP Trust Circles (Version: 8.2.15.16418 - CryptoMill Technologies Ltd.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.7.3.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Interlude Uploader (HKLM-x32\...\{3301F640-EC91-4496-8F1D-42046331D7A3}) (Version: 1.1.0.8 - Interlude)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{CCBD6679-C7CF-2030-2A1F-3640781DF4F4}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Portal 1 version 1.0 (HKLM-x32\...\{BDF90AE9-C455-49B8-AEC6-D2B9737A4E54}_is1) (Version: 1.0 - Valve)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.18 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.3) (Version: 2.0.3 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0.3 - Sparkol) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.3 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

 

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 8073.11 MB
Available physical RAM: 4469.61 MB
Total Pagefile: 16144.41 MB
Available Pagefile: 10427.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.93 MB

 

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:683.66 GB) (Free:527.13 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.97 GB) (Free:0.02 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

 

========================= Users: ========================================

User accounts for \\HP-HP

Administrator            Guest                    HP                      

**** End of log ****


Edited by hamluis, 20 February 2015 - 10:38 AM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:15 AM

Posted 19 February 2015 - 05:48 PM

Please...reread the Speccy instructions.  That graphic you posted is of no value, IMO.

 

Louis



#5 dmeret

dmeret
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 February 2015 - 06:36 PM

Sorry, is this better?

 

http://speccy.piriform.com/results/6NNEobFImvxXloTjb8hEu0I



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,266 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:15 AM

Posted 20 February 2015 - 09:31 AM

:thumbup2: , thanks.  It will take me a few minutes to review the data...if I have any ideas, I will edit this post and add them here.

 

Louis

 

Running: AVG WatchDog
Running: AVGIDSAgent
You also have MSE installed and running.
 
Running: vToolbarUpdater18.3.0
 
Scheduled Item:  Jamenize
 
Having 2 AV programs installed/running at same time is known to cause system problems, generally.  I suggest removing both (since each may be damaged) and then reinstalling/updating/running a full scan with one.
 
vToobarUpdater is noted as malware by some.
 
Jamenize is noted as adware/malware by some.
 
Moving topic to Am I Infected forum.

Edited by hamluis, 20 February 2015 - 11:01 AM.


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 AM

Posted 20 February 2015 - 10:41 AM

It seems that you are infected, from what I can see in your second screenshot. Also, it seems that one of your Reg Loading Point was infected by a malware, which causes explorer.exe to not open correctly when you boot Windows. I would asked to get checked for malware here on BleepingComputer, that would be the best thing to do right now.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 dmeret

dmeret
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 20 February 2015 - 12:50 PM

Thanks Louis.

 

Aura, can you point me in the right direction to get these issues resolved?



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 AM

Posted 20 February 2015 - 01:08 PM

I could try to diagnose the root of the issue, but I can't really ask for advanced logs in this section. I'll do what I can and if I see that I cannot get the information I want, I'll send you in the malware removal section, alright? :)

Start-up Entries - Autoruns
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible;
  • Go on ge.tt and upload the Autoruns file you saved;
  • Once done, post the download URL of your uploaded file in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 dmeret

dmeret
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 20 February 2015 - 01:41 PM

Thanks Aura, here it is: http://ge.tt/7NVv2rA2/v/0?c

 

I hope this helps!



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 AM

Posted 20 February 2015 - 01:53 PM

It did thank you :) I managed to identify what opens your Notepad on start-up, we'll remove it. What you're going to do right now is to re-open Autoruns with Admin Rights like you did and do two things. You're going to delete every single lines that have Jamenize in their name, in the Autorun Entry column. All these lines are in pink/red so you won't miss them. Simply-right click on them and select Delete. You're going to do the same for a line called C:/ProgramData/{9C487~1/191~1.1/diso.dll and another called C:\Windows\es.scr.

Once this is done, I want you to go in your Folder Options, then check Show hidden files and folders, and uncheck Hide protected operating system files (recommended). After that, I want to find the following folders/files and delete them.

C:\Users\HP\AppData\Roaming\Jamenize
C:\ProgramData\{9c48748b-ccca-a50d-7d4c-d58fadce0601}
C:\Windows\es.scr


When you're done, let me know. If you're not sure of something, or you get an error when following my instructions, please let me know and I'll help you.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 dmeret

dmeret
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 21 February 2015 - 06:35 PM

I have deleted everything except -- C:\ProgramData\{9c48748b-ccca-a50d-7d4c-d58fadce0601} -- because it gives me an error message saying that it is in use somewhere else.



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 AM

Posted 21 February 2015 - 06:39 PM

Boot in Safe Mode with Networking, then delete the folder directly from there.

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#windows7

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 dmeret

dmeret
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 21 February 2015 - 07:38 PM

OK, all gone. It looks like my issues are resolved as well!

 

Thanks so much!



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 AM

Posted 22 February 2015 - 01:42 AM

No problem :) I still think that there's malware remnants on your system, I'll see if I can get this thread transfered in the Malware Removal section so a helper can assist you in cleaning these, is that good with you?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users