
Help removing unwanted Chromium/Bing program [Solved]



#1
emaan9301

Hi, my mom updated her Java and then couldn't play her games on Pogo because the newer version didn't work on her desktop, Windows 7 Home Premium SP 1, 64 bit. We were able to uninstall that and she reinstalled the previous version from download.com. Apparently it also installed Chromium, which has since taken over her computer by changing her things around. I tried to remove it via add/remove programs to no avail. I have been able to remove all of the things it pulled into itself and give her some peace of mind that it no longer has her few saved passwords. I have also reset her search engines and bookmarks.

I followed instructions from a webpage to remove the program, but nothing has seemed to do the trick since everything starts with add/remove and that doesn't work. We have downloaded and used Malwarebytes, Hitman Pro and rkill and it is still on here. Today, however, she was surprised to have it pop up an update for Bing that we can't close without installing the update by clicking OK, and even trying the 'click here to cancel' wants to install it.

Can you please help us to get this off her computer?
 
Thank you in advance.
 
Jennifer
 

 

 

Attached Thumbnails

  • chromium-bing.png
  • 64bit.png



#2
emaan9301

I was unable to post this in the first post.  Here are the FRST results.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Cliff (administrator) on CLIFF-PC (08-02-2019 16:35:47)
Running from C:\Users\Cliff\Desktop
Loaded Profiles: Cliff &  (Available Profiles: Cliff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Facebook) C:\Users\Cliff\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(The CefSharp Authors) C:\Users\Cliff\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153940095\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-05-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-09-24]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Cliff\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{123328CA-34DB-4459-9810-C05E85BF971E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{68E0E2FA-013C-4444-B5C0-85773DEA4C53}: [DhcpNameServer] 192.168.0.1 205.171.3.65
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
URLSearchHook: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7533AE27-277B-4A5D-B7B0-CE504A91C310} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {2DF0F6B9-0055-471B-B06A-C38F564E21D0} URL = hxxp://www.bing.com/search?FORM=SL5GDF&PC=SL5G&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = 
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {CCE505CE-69F9-42AA-A2CB-CA7BB1E1BFD0} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> {2DF0F6B9-0055-471B-B06A-C38F564E21D0} URL = hxxp://www.bing.com/search?FORM=SL5GDF&PC=SL5G&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = 
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> {CCE505CE-69F9-42AA-A2CB-CA7BB1E1BFD0} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll => No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF DefaultProfile: dhajm7rv.default-1469742683247-1527433105574
FF ProfilePath: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\dhajm7rv.default-1469742683247-1527433105574 [2019-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-13] [Legacy] [not signed]
FF HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2019-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2019-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Cliff\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001: @yahoo.com/BrowserPlus,version=2.4.21 -> C:\Users\Cliff\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll [2009-11-12] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Cliff\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174: @yahoo.com/BrowserPlus,version=2.4.21 -> C:\Users\Cliff\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll [2009-11-12] (Yahoo! Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default [2019-02-08]
CHR Extension: (Slides) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Google Search) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Sheets) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-04]
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2019-01-30] (SurfRight B.V. -> SurfRight B.V.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc. -> McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-07-09] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-01-31] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-01-31] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2019-02-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2019-02-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-02-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2019-02-08] (Malwarebytes Corporation -> Malwarebytes)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc. -> McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc. -> McAfee, Inc.)
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Apple, Inc.) [File not signed]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S1 mfehidk; system32\drivers\mfehidk.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-08 16:35 - 2019-02-08 16:41 - 000022911 _____ C:\Users\Cliff\Desktop\FRST.txt
2019-02-08 16:32 - 2019-02-08 16:35 - 000000000 ____D C:\FRST
2019-02-08 16:31 - 2019-02-08 16:32 - 002434048 _____ (Farbar) C:\Users\Cliff\Desktop\FRST64.exe
2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2019-02-08 16:03 - 2019-02-08 16:03 - 000279269 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc
2019-02-04 19:59 - 2019-02-08 15:44 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-04 19:59 - 2019-02-04 19:59 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-04 19:59 - 2019-02-04 19:59 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-04 19:59 - 2019-02-04 19:59 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-31 18:38 - 2019-01-31 18:38 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-30 09:04 - 2019-01-30 09:04 - 000000000 ____D C:\Windows\pss
2019-01-30 08:57 - 2019-01-30 08:57 - 000004174 _____ C:\Windows\system32\.crusader
2019-01-30 08:40 - 2019-01-30 08:40 - 000001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-01-30 08:39 - 2019-01-30 08:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-01-30 08:39 - 2019-01-30 08:40 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-30 08:37 - 2019-01-30 08:58 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-30 08:35 - 2019-01-30 08:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Cliff\Downloads\HitmanPro_x64.exe
2019-01-30 08:19 - 2019-01-30 08:26 - 000000000 ____D C:\AdwCleaner
2019-01-30 08:15 - 2019-01-30 08:17 - 007320272 _____ (Malwarebytes) C:\Users\Cliff\Downloads\AdwCleaner.exe
2019-01-30 07:34 - 2019-01-30 07:34 - 000000000 ____D C:\Users\Cliff\AppData\Local\mbamtray
2019-01-30 07:34 - 2019-01-30 07:34 - 000000000 ____D C:\Users\Cliff\AppData\Local\mbam
2019-01-30 07:33 - 2019-01-31 18:35 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-30 07:33 - 2019-01-30 07:33 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-30 07:20 - 2019-01-30 07:32 - 080262528 _____ (Malwarebytes ) C:\Users\Cliff\Downloads\mb3-setup-1878.1878-3.6.1.2711.exe
2019-01-30 07:03 - 2019-02-08 16:03 - 000000317 _____ C:\Users\Cliff\AppData\Roaming\WB.CFG
2019-01-29 12:12 - 2019-01-29 12:12 - 000002257 _____ C:\Users\Cliff\Desktop\Chromium.lnk
2019-01-29 12:11 - 2019-01-29 12:12 - 000000000 ____D C:\Users\Cliff\AppData\Local\chromium
2019-01-29 12:07 - 2019-01-29 12:06 - 000319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-01-29 12:06 - 2019-01-29 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-29 12:03 - 2019-02-08 16:03 - 000000272 _____ C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job
2019-01-29 12:03 - 2019-01-29 12:03 - 000003212 _____ C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}
2019-01-29 12:03 - 2019-01-29 12:03 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec
2019-01-29 11:19 - 2019-01-29 11:20 - 001211216 _____ (Oracle Corporation) C:\Users\Cliff\Downloads\JavaUninstallTool.exe
2019-01-22 20:29 - 2019-01-22 20:42 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\Apple Computer
2019-01-22 20:29 - 2019-01-22 20:29 - 000000000 ____D C:\Users\Cliff\AppData\Local\Apple Computer
2019-01-22 20:24 - 2019-01-22 20:24 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-22 20:20 - 2019-01-22 20:20 - 000000000 ____D C:\Users\Cliff\AppData\Local\Apple
2019-01-22 20:17 - 2019-01-29 13:48 - 000000000 ____D C:\ProgramData\Apple
2019-01-22 14:24 - 2019-01-22 15:05 - 269393736 _____ (Apple Inc.) C:\Users\Cliff\Downloads\iTunes64Setup.exe
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-08 16:39 - 2009-07-13 23:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-08 16:39 - 2009-07-13 23:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-05 09:25 - 2018-12-11 22:30 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCliff
2019-02-05 09:25 - 2018-12-11 22:30 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForCliff.job
2019-02-05 09:04 - 2017-09-27 12:46 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Mozilla
2019-02-04 19:58 - 2017-09-18 15:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-04 19:58 - 2012-04-25 20:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-04 19:58 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-01 18:04 - 2009-08-20 10:31 - 000000000 ____D C:\ProgramData\Temp
2019-01-31 10:29 - 2009-11-29 07:23 - 000000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2019-01-30 17:14 - 2012-04-25 20:57 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-30 09:33 - 2009-11-29 09:45 - 000000000 ____D C:\Windows\System32\Tasks\Games
2019-01-30 08:26 - 2009-12-30 21:02 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Yahoo!
2019-01-30 08:01 - 2011-05-15 17:30 - 000000000 ____D C:\Program Files (x86)\Coupons.com
2019-01-30 07:13 - 2010-08-29 09:48 - 000000000 ____D C:\Users\Cliff\AppData\Local\CrashDumps
2019-01-30 06:54 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-30 06:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-30 06:46 - 2018-12-23 01:14 - 000000000 ____D C:\Program Files\Java
2019-01-30 06:46 - 2015-09-19 01:09 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 06:46 - 2015-09-19 01:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-29 12:04 - 2010-04-18 13:59 - 000000000 ____D C:\Users\Cliff\Desktop\New folder
2019-01-26 16:30 - 2018-05-19 11:25 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2019-01-17 03:06 - 2015-09-19 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-10 16:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2019-01-09 03:10 - 2013-08-26 02:02 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 03:02 - 2010-07-14 15:51 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2012-10-18 03:38 - 2012-10-18 03:38 - 000000025 _____ () C:\Users\Cliff\AppData\Roaming\bdfvconp.ini
2011-06-02 15:08 - 2011-07-02 09:41 - 000001854 _____ () C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
2019-02-08 16:03 - 2019-02-08 16:03 - 000279269 _____ () C:\Users\Cliff\AppData\Roaming\Rahosoleboc
2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ () C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2019-01-30 07:03 - 2019-02-08 16:03 - 000000317 _____ () C:\Users\Cliff\AppData\Roaming\WB.CFG
2009-12-30 21:18 - 2009-12-30 21:18 - 000000000 _____ () C:\Users\Cliff\AppData\Roaming\wklnhst.dat
2015-05-17 20:02 - 2015-05-17 20:02 - 000000017 _____ () C:\Users\Cliff\AppData\Local\resmon.resmoncfg
2011-05-28 03:48 - 2011-07-23 05:35 - 000001940 _____ () C:\Users\Cliff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
Files to move or delete:
====================
C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job
 
 
Some files in TEMP:
====================
2018-08-16 16:04 - 2018-08-16 16:05 - 001906040 _____ (Oracle Corporation) C:\Users\Cliff\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-10-27 15:42 - 2018-10-27 15:43 - 001892728 _____ (Oracle Corporation) C:\Users\Cliff\AppData\Local\Temp\jre-8u191-windows-au.exe
2019-01-24 08:44 - 2019-01-24 08:44 - 001974624 _____ (Oracle Corporation) C:\Users\Cliff\AppData\Local\Temp\jre-8u201-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-02 11:32
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Cliff (08-02-2019 16:42:46)
Running from C:\Users\Cliff\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-29 04:38:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2090084819-1613995479-3893764942-500 - Administrator - Disabled)
Cliff (S-1-5-21-2090084819-1613995479-3893764942-1001 - Administrator - Enabled) => C:\Users\Cliff
Guest (S-1-5-21-2090084819-1613995479-3893764942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2090084819-1613995479-3893764942-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2WIREUSBWLANInstaller (HKLM-x32\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version:  - )
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Atlantis Quest (HKLM-x32\...\Atlantis Quest_is1) (Version:  - Playrix Entertainment)
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version:  - )
Azada ® (HKLM-x32\...\BFG-Azada) (Version:  - )
Bejeweled 2 Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version:  - Oberon Media)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin) Hidden
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Coupons.com Toolbar (HKLM-x32\...\Coupons.com Toolbar) (Version: 6.2.7.3 - Coupons.com)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D1600 (HKLM-x32\...\{EAE8CF06-28CA-4213-839C-A32817A47E00}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ_SF_06_D1600_SW_Min (HKLM-x32\...\{5727583F-3530-45FD-B09E-7E1CB6C135AD}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Facebook Plug-In (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Facebook Plug-In (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Haunted Hotel (HKLM-x32\...\BFG-Haunted Hotel) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition Titanic (remove only) (HKLM-x32\...\Hidden Expedition Titanic) (Version:  - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (HKLM-x32\...\{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (HKLM-x32\...\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
James Patterson Women's Murder Club: A Darker Shade of Grey (HKLM-x32\...\BFG-James Patterson Women's Murder Club - A Darker Shade of Grey) (Version:  - )
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Magic Crystals (HKLM-x32\...\Magic Crystals_is1) (Version: 1.0 - MyPlayCity, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.0.6963 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files: Ravenhearst ® (HKLM-x32\...\BFG-Mystery Case Files - Ravenhearst) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
Princess Isabella: A Witch's Curse (HKLM-x32\...\BFG-Princess Isabella - A Witch's Curse) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
The Mysterious City: Cairo (HKLM-x32\...\BFG-The Mysterious City - Cairo) (Version:  - )
The Serpent of Isis ™ (HKLM-x32\...\BFG-The Serpent of Isis) (Version:  - )
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Villagers: A New Home (HKLM-x32\...\BFG-Virtual Villagers) (Version:  - )
Virtual Villagers: New Believers (HKLM-x32\...\BFG-Virtual Villagers - New Believers) (Version:  - )
Virtual Villagers: The Lost Children (HKLM-x32\...\BFG-Virtual Villagers The Lost Children) (Version:  - )
Virtual Villagers: The Tree of Life (HKLM-x32\...\BFG-Virtual Villagers - The Tree of Life) (Version:  - )
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Yahoo! BrowserPlus (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! BrowserPlus (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-07-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2AE736BD-E5A3-41AD-881F-44C90D0C6B4E} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files (x86)\Speed Fix Tool\Splash.exe
Task: {40942083-659A-42E8-A530-C71774EEFEA0} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {45B89FE6-C0D8-4051-87F3-AB08ACD90C59} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {588B6CB4-302D-40DD-ABC2-673F3AE60E82} - System32\Tasks\SpeedFixTool_Start => C:\Program Files (x86)\Speed Fix Tool\SpeedFixTool.exe
Task: {5DA70224-D9EE-433A-A8ED-62982BBA4A43} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink -> CyberLink)
Task: {6B262C11-D0F9-48B3-BEAC-16AD0D9362E7} - System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec\Pemam.exe [2013-05-04] () [File not signed]
Task: {9027AD15-C426-40E5-B8E6-7A6CB67D2E22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc -> Google Inc.)
Task: {A2D097B7-9F29-460A-A06E-A96F3BE3F153} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AD0D7C6E-A99B-4E75-B21D-4C0F90336ACA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
Task: {B69CD151-2FB8-4882-B084-E10B075A7FC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc -> Google Inc.)
Task: {B76F2725-7903-407E-AA00-C20A3FAAEE2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BBB57A27-4B09-4DEA-8EB6-85794AEEB8D8} - System32\Tasks\HPCeeScheduleForCliff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {C268AC5F-ED91-461D-9254-FEBE73E5F4C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc. -> HP Inc.)
Task: {C2A52C9B-90F2-404A-9CFE-A733A209BC55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {CB1C38AA-395A-48B3-A78F-14EF83EA394F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-12-24] (HP Inc. -> HP Inc.)
Task: {F4DD050A-2AB9-42B6-AA08-618508E1F2AB} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink -> CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForCliff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => C:\Users\Cliff\AppData\Roaming\459D8C~1\Pemam.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-01-30 07:33 - 2019-01-31 18:35 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-30 07:33 - 2019-01-31 18:35 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ () C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2018-05-03 10:03 - 2018-05-03 10:03 - 001184256 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 071641088 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libcef.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 000774656 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 003149824 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libglesv2.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 000078848 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libegl.dll
2018-12-17 21:38 - 2018-12-11 23:58 - 004430304 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-17 21:38 - 2018-12-11 23:58 - 000097248 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [134]
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9 [225]
AlternateDataStreams: C:\ProgramData\Temp:206470A5 [224]
AlternateDataStreams: C:\ProgramData\Temp:260575F1 [205]
AlternateDataStreams: C:\ProgramData\Temp:27F44544 [229]
AlternateDataStreams: C:\ProgramData\Temp:3C9B05C4 [224]
AlternateDataStreams: C:\ProgramData\Temp:3D36932D [203]
AlternateDataStreams: C:\ProgramData\Temp:61A065F2 [244]
AlternateDataStreams: C:\ProgramData\Temp:70E897B5 [240]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [204]
AlternateDataStreams: C:\ProgramData\Temp:BB71BBA2 [202]
AlternateDataStreams: C:\ProgramData\Temp:C46995DA [192]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [210]
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31 [0]
AlternateDataStreams: C:\ProgramData\Temp:D48500F8 [216]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\pogo.com -> hxxps://games3.pogo.com
IE trusted site: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\...\pogo.com -> hxxps://games3.pogo.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-05-19 11:26 - 000000859 _____ C:\Windows\system32\drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: BingSvc => C:\Users\Cliff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Chromium => "c:\users\cliff\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{688A56F1-FDA2-4FFA-B68F-8F2FFA1010F1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{BCAB8D7D-B06E-4F91-9848-BAF49DBBF9DB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{B32C144B-4DE9-48C3-AF8C-454EB3FB021B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{64725199-50AB-4865-8EEA-F1AF81019210}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{FB4F5F04-DBC8-4BB4-AEB8-0CFD8C1BFEE6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{FB9999EF-E651-497C-BE13-645246108282}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{CD88ADF7-272C-45DE-9177-13BF8385B046}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00DFF516-9C13-4A32-8DAC-E8375DB803E1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{69542552-B4DA-414A-97E7-CFD983C99B9A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8AE3B823-D1D3-4A1F-8AB5-E4FD5EEEB766}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{A9F66091-4536-484B-9B9B-8672B321EB6A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{83D9D1E5-29B8-4FE9-B458-92DDEFD6E547}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
FirewallRules: [{9C7C5E71-FB71-4C54-9E4A-15D37EF84038}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{F138DBB2-DFC5-4E07-B29D-752EE47A0B0E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{B0EC256E-3727-421F-BCA5-0C4982285708}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BACD8AEE-08D8-4371-8D33-A68F01BAAEBC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
FirewallRules: [{B0DC3A97-8F7F-43FB-B3EB-6C6956E66488}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ACBFBE91-979B-461C-BADC-B5B16D7B58F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3E292212-0E60-44FB-8B3B-0543D9FBF305}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{92DD16B9-5C5B-4CF3-8EC9-9C670872CA4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
FirewallRules: [{5B360EC2-1DB6-4A66-B11B-212AFAAE1110}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
FirewallRules: [{19B4395B-6EE1-4B88-8E78-C02CD2AC70B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C769016F-BDE3-4456-AB11-74C1C109F6ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5FB167C1-24E3-40D7-880C-816CCA3C20EC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{12483BCD-E388-4845-A056-261E213DD828}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{81F282FD-01BC-4AF4-A511-EFEE765F468E}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe No File
FirewallRules: [{94FC05F9-4DA0-4A89-9309-9D8DFA9E9733}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe No File
FirewallRules: [{4DC3E188-88B7-4B16-BFFA-362D2788315B}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\ToolbarUpdate.exe No File
FirewallRules: [{D9233BA6-8D07-4499-9A30-294A5FAEF2B0}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\ToolbarUpdate.exe No File
FirewallRules: [TCP Query User{BE27E60A-3CA7-4F84-8856-275B97EB304A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{898A6F3D-1CB0-4527-8A57-8925B9D5CA7F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{ACA422CE-0718-463E-8F8B-A48411D6C7E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
FirewallRules: [{902E9055-E1D6-41AE-9B92-F7CCDFBD1866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEB8AD48-0461-40DC-BD93-081D32200F0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FE529841-CBAD-44F7-BB94-F846EB5884B6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FA7020EA-6ADD-4D07-83F3-7516131C034A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EFC02469-43C6-4E90-B996-E2BE5156BCD5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{385B6083-2BDF-4467-8618-A775EE509840}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BFF97D1B-ED54-4962-B3B9-969376BE5ED7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F2F5F231-A31B-4971-8AC6-3B25875647AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}] => (Allow) C:\Users\Cliff\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)
 
==================== Restore Points =========================
 
27-01-2019 15:27:20 Windows Update
29-01-2019 11:46:56 Removed Apple Application Support (32-bit)
29-01-2019 12:05:27 Installed Java 7 Update 72 (64-bit)
29-01-2019 12:17:44 Removed iTunes
29-01-2019 12:27:23 Removed Bonjour
29-01-2019 13:32:28 Removed Apple Application Support (64-bit)
29-01-2019 13:40:19 Removed Apple Mobile Device Support
29-01-2019 13:43:56 Removed Apple Application Support (32-bit)
29-01-2019 13:50:11 Removed Apple Software Update
30-01-2019 08:47:33 Checkpoint by HitmanPro
30-01-2019 08:57:11 Checkpoint by HitmanPro
03-02-2019 16:37:31 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: TSSTcorp CDDVDW TS-H653R SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001EDF0E0.72).  hr = 0x80070005, Access is denied.
.
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b4,(null),0,REG_BINARY,00000000016CE450.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {feb8b191-4fb2-4ac2-ac05-5e86cae036ae}
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b4,(null),0,REG_BINARY,00000000016CE450.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {feb8b191-4fb2-4ac2-ac05-5e86cae036ae}
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,(null),0,REG_BINARY,000000001482E380.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9bd5bdcd-189a-4657-bbd3-afde1040950e}
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,(null),0,REG_BINARY,000000001482E380.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9bd5bdcd-189a-4657-bbd3-afde1040950e}
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009e4,(null),0,REG_BINARY,000000000522E4C0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {45af5186-7188-45f9-8eff-d336f21eb9e6}
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001F9EF00.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {a72b7ff6-da50-48d7-87d6-f0b7ceb714e2}
 
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009e4,(null),0,REG_BINARY,000000000522E4C0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {45af5186-7188-45f9-8eff-d336f21eb9e6}
 
 
System errors:
=============
Error: (02/07/2019 02:39:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/06/2019 07:28:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (02/06/2019 11:01:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (02/05/2019 01:30:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/05/2019 11:24:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/05/2019 12:07:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/04/2019 07:59:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
mfehidk
 
Error: (02/04/2019 07:57:17 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
 
 
CodeIntegrity:
===================================
 
Date: 2013-02-21 10:48:53.113
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-21 01:27:35.297
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-21 00:18:43.104
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-20 23:56:24.889
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-20 23:49:15.994
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-20 23:33:51.871
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-20 23:23:30.998
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-02-20 23:16:21.592
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Processor LE-1200
Percentage of memory in use: 94%
Total physical RAM: 2942.49 MB
Available physical RAM: 172.54 MB
Total Virtual: 6131.17 MB
Available Virtual: 1297.72 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:202.62 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{f9944445-9e41-11de-8479-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#3
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.
--------------------


Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

Yahoo! Search Protection

Follow the steps in the uninstaller to remove the program.

--------------------

Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {7533AE27-277B-4A5D-B7B0-CE504A91C310} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = 
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll => No File
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]

2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2019-02-08 16:03 - 2019-02-08 16:03 - 000279269 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc
2019-01-29 12:12 - 2019-01-29 12:12 - 000002257 _____ C:\Users\Cliff\Desktop\Chromium.lnk
2019-01-29 12:11 - 2019-01-29 12:12 - 000000000 ____D C:\Users\Cliff\AppData\Local\chromium
2019-01-29 12:03 - 2019-02-08 16:03 - 000000272 _____ C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job
2019-01-29 12:03 - 2019-01-29 12:03 - 000003212 _____ C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}
2019-01-29 12:03 - 2019-01-29 12:03 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec

Task: {6B262C11-D0F9-48B3-BEAC-16AD0D9362E7} - System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec\Pemam.exe [2013-05-04] () [File not signed]
Task: C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => C:\Users\Cliff\AppData\Roaming\459D8C~1\Pemam.exe <==== ATTENTION

MSCONFIG\startupreg: Chromium => "c:\users\cliff\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

FirewallRules: [{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}] => (Allow) C:\Users\Cliff\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)

VirusTotal: C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
Hosts:
C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect

End::

Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Let me know if the problems persist.

Thanks.
  • 0

#4
emaan9301

    Member

  • Topic Starter
  • Member
  • 115 posts

Thank you. The first difference I see after the reboot is that the desktop icon for Chromium is now gone.

 

Here is the requested information.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Cliff (08-02-2019 23:36:40) Run:1
Running from C:\Users\Cliff\Desktop
Loaded Profiles: Cliff &  (Available Profiles: Cliff)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {7533AE27-277B-4A5D-B7B0-CE504A91C310} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL =
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll => No File
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2019-02-08 16:03 - 2019-02-08 16:03 - 000279269 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc
2019-01-29 12:12 - 2019-01-29 12:12 - 000002257 _____ C:\Users\Cliff\Desktop\Chromium.lnk
2019-01-29 12:11 - 2019-01-29 12:12 - 000000000 ____D C:\Users\Cliff\AppData\Local\chromium
2019-01-29 12:03 - 2019-02-08 16:03 - 000000272 _____ C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job
2019-01-29 12:03 - 2019-01-29 12:03 - 000003212 _____ C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}
2019-01-29 12:03 - 2019-01-29 12:03 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec
Task: {6B262C11-D0F9-48B3-BEAC-16AD0D9362E7} - System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec\Pemam.exe [2013-05-04] () [File not signed]
Task: C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => C:\Users\Cliff\AppData\Roaming\459D8C~1\Pemam.exe <==== ATTENTION
MSCONFIG\startupreg: Chromium => "c:\users\cliff\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
FirewallRules: [{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}] => (Allow) C:\Users\Cliff\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)
VirusTotal: C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
Hosts:
C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => removed successfully
HKLM\Software\Classes\CLSID\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => not found
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => removed successfully
HKLM\Software\Classes\CLSID\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => removed successfully
"HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}" => removed successfully
HKLM\Software\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => not found
"HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol => removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
"C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe" => not found
C:\Users\Cliff\AppData\Roaming\Rahosoleboc => moved successfully
C:\Users\Cliff\Desktop\Chromium.lnk => moved successfully
C:\Users\Cliff\AppData\Local\chromium => moved successfully
C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => moved successfully
C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => moved successfully
C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B262C11-D0F9-48B3-BEAC-16AD0D9362E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B262C11-D0F9-48B3-BEAC-16AD0D9362E7}" => removed successfully
"C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}" => removed successfully
"C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job" => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chromium => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}" => removed successfully
VirusTotal: C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml => https://www.virustot...sis/1503859188/
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9536048 B
Java, Flash, Steam htmlcache => 1370 B
Windows/system/drivers => 1616339321 B
Edge => 0 B
Chrome => 528862972 B
Firefox => 1082534624 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 83293 B
LocalService => 132244 B
NetworkService => 854412 B
Cliff => 406426330 B

RecycleBin => 76440725 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:52:09 ====


  • 0
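One way to triage a Fixlog like the one above, added here as an example and not part of the original posts or of FRST itself: this Python script groups the result lines by outcome so that entries reported as "No automatic fix found" stand out for follow-up. The function name, the outcome labels and the "duplicate" heuristic are assumptions; the sample lines are copied from the Fixlog in this thread.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the Fixlog posted in this thread (a subset).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
fixlist content:
*****************
CreateRestorePoint:
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll => No File
Task: C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => C:\Users\Cliff\AppData\Roaming\459D8C~1\Pemam.exe <==== ATTENTION
*****************

Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => removed successfully
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File => Error: No automatic fix found for this entry.
SWDUMon => service removed successfully
"C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe" => not found
C:\Users\Cliff\AppData\Roaming\Rahosoleboc => moved successfully
C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => moved successfully
"C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job" => not found

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
EmptyTemp: => 3.5 GB temporary data Removed.
==== End of Fixlog 23:52:09 ====
'''

# Outcome text after the last " => " mapped to a label (labels are this example's own).
OUTCOMES = [
    (re.compile(r"(removed|moved|restored) successfully$"), "fixed"),
    (re.compile(r"^not found$"), "absent"),
    (re.compile(r"^Error: "), "unhandled"),
]


def _normalise(target):
    """Make quoted/unquoted and differently cased spellings of one target compare equal."""
    return target.strip().strip('"').replace("\\\\", "\\").lower()


def triage_fixlog(text):
    """Return {label: [targets]} for the result lines of a Fixlog."""
    results = defaultdict(list)
    fixed_seen = set()
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # A row of asterisks opens and closes the echoed fixlist; those lines
        # are the request, not results, so they are skipped.
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        # Split on the LAST arrow: some targets contain "->" or "No File" themselves.
        target, outcome = line.rsplit(" => ", 1)
        for pattern, label in OUTCOMES:
            if pattern.search(outcome):
                break
        else:
            continue  # sizes from EmptyTemp and other non-result lines
        key = _normalise(target)
        if label == "fixed":
            fixed_seen.add(key)
        elif label == "absent" and key in fixed_seen:
            # Heuristic: the same object was handled earlier in this run,
            # because the fixlist referenced it twice.
            label = "duplicate"
        results[label].append(target.strip().strip('"'))
    return dict(results)


if __name__ == "__main__":
    for label, targets in triage_fixlog(SAMPLE_FIXLOG).items():
        print(f"{label} ({len(targets)})")
        for t in targets:
            print("   ", t)
```

Entries under "unhandled" are the ones to check in the next scan; "absent" entries were already gone when the fix ran.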

#5
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

We'll run a few more scans to check for any remnants of the adware.

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

---------------------------------------

Malwarebytes is already installed on your computer.
  • Launch Malwarebytes, then click on Scan Now and wait for the scan to complete.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
  • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.
---------------------------------------


Right-click on FRST/FRST64 and click Run as Administrator.
Click on Scan. Once the scan is complete, two text files will pop up. (FRST.txt and Addition.txt)

Please copy and paste the contents of FRST.txt and Addition.txt in your next reply.

---------------------------------------


In your next reply, please include:
  • AdwCleaner log
  • Malwarebytes log
  • FRST.txt and Addition.txt
Thanks.

#6
emaan9301

    Member

  • Topic Starter
  • Member
  • 115 posts

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-09-2019
# Duration: 00:00:07
# OS:       Windows 7 Home Premium
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5935 octets] - [30/01/2019 08:21:25]
AdwCleaner[C00].txt - [5085 octets] - [30/01/2019 08:26:26]
AdwCleaner[S01].txt - [1408 octets] - [09/02/2019 17:00:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/9/19
Scan Time: 5:09 PM
Log File: 5d41e660-2cb7-11e9-b8e2-0026188e205a.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.9190
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cliff-PC\Cliff

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 249055
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 22 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Cliff (administrator) on CLIFF-PC (09-02-2019 17:55:14)
Running from C:\Users\Cliff\Desktop
Loaded Profiles: Cliff (Available Profiles: Cliff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Facebook) C:\Users\Cliff\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The CefSharp Authors) C:\Users\Cliff\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-05-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-09-24]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Cliff\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{123328CA-34DB-4459-9810-C05E85BF971E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{68E0E2FA-013C-4444-B5C0-85773DEA4C53}: [DhcpNameServer] 192.168.0.1 205.171.3.65

Internet Explorer:
==================
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
URLSearchHook: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {2DF0F6B9-0055-471B-B06A-C38F564E21D0} URL = hxxp://www.bing.com/search?FORM=SL5GDF&PC=SL5G&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {CCE505CE-69F9-42AA-A2CB-CA7BB1E1BFD0} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF DefaultProfile: dhajm7rv.default-1469742683247-1527433105574
FF ProfilePath: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\dhajm7rv.default-1469742683247-1527433105574 [2019-02-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-13] [Legacy] [not signed]
FF HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2019-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2019-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Cliff\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001: @yahoo.com/BrowserPlus,version=2.4.21 -> C:\Users\Cliff\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll [2009-11-12] (Yahoo! Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Slides) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Google Search) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Sheets) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2019-01-30] (SurfRight B.V. -> SurfRight B.V.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc. -> McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-07-09] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-01-31] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-01-31] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc. -> McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc. -> McAfee, Inc.)
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Apple, Inc.) [File not signed]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S1 mfehidk; system32\drivers\mfehidk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 17:55 - 2019-02-09 17:57 - 000016773 _____ C:\Users\Cliff\Desktop\FRST.txt
2019-02-09 17:03 - 2019-02-09 17:03 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-09 17:03 - 2019-02-09 17:03 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-09 17:03 - 2019-02-09 17:03 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-09 17:03 - 2019-02-09 17:03 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-09 16:57 - 2019-02-09 16:58 - 007316688 _____ (Malwarebytes) C:\Users\Cliff\Desktop\adwcleaner_7.2.7.0.exe
2019-02-08 16:32 - 2019-02-09 17:55 - 000000000 ____D C:\FRST
2019-02-08 16:31 - 2019-02-08 16:32 - 002434048 _____ (Farbar) C:\Users\Cliff\Desktop\FRST64.exe
2019-01-31 18:38 - 2019-01-31 18:38 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-30 09:04 - 2019-01-30 09:04 - 000000000 ____D C:\Windows\pss
2019-01-30 08:57 - 2019-01-30 08:57 - 000004174 _____ C:\Windows\system32\.crusader
2019-01-30 08:40 - 2019-01-30 08:40 - 000001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-01-30 08:39 - 2019-01-30 08:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-01-30 08:39 - 2019-01-30 08:40 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-30 08:37 - 2019-01-30 08:58 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-30 08:35 - 2019-01-30 08:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Cliff\Downloads\HitmanPro_x64.exe
2019-01-30 08:19 - 2019-01-30 08:26 - 000000000 ____D C:\AdwCleaner
2019-01-30 08:15 - 2019-01-30 08:17 - 007320272 _____ (Malwarebytes) C:\Users\Cliff\Downloads\AdwCleaner.exe
2019-01-30 07:34 - 2019-01-30 07:34 - 000000000 ____D C:\Users\Cliff\AppData\Local\mbamtray
2019-01-30 07:34 - 2019-01-30 07:34 - 000000000 ____D C:\Users\Cliff\AppData\Local\mbam
2019-01-30 07:33 - 2019-01-31 18:35 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-30 07:33 - 2019-01-30 07:33 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-30 07:20 - 2019-01-30 07:32 - 080262528 _____ (Malwarebytes ) C:\Users\Cliff\Downloads\mb3-setup-1878.1878-3.6.1.2711.exe
2019-01-30 07:03 - 2019-02-08 16:03 - 000000317 _____ C:\Users\Cliff\AppData\Roaming\WB.CFG
2019-01-29 12:07 - 2019-01-29 12:06 - 000319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-01-29 12:06 - 2019-01-29 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-29 11:19 - 2019-01-29 11:20 - 001211216 _____ (Oracle Corporation) C:\Users\Cliff\Downloads\JavaUninstallTool.exe
2019-01-22 20:29 - 2019-01-22 20:42 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\Apple Computer
2019-01-22 20:29 - 2019-01-22 20:29 - 000000000 ____D C:\Users\Cliff\AppData\Local\Apple Computer
2019-01-22 20:24 - 2019-01-22 20:24 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-22 20:20 - 2019-01-22 20:20 - 000000000 ____D C:\Users\Cliff\AppData\Local\Apple
2019-01-22 20:17 - 2019-01-29 13:48 - 000000000 ____D C:\ProgramData\Apple
2019-01-22 14:24 - 2019-01-22 15:05 - 269393736 _____ (Apple Inc.) C:\Users\Cliff\Downloads\iTunes64Setup.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 17:39 - 2009-07-13 23:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-09 17:39 - 2009-07-13 23:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-09 17:04 - 2017-09-27 12:46 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Mozilla
2019-02-09 17:02 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-09 16:55 - 2018-05-19 11:25 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2019-02-08 23:54 - 2018-12-11 22:30 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForCliff.job
2019-02-08 23:51 - 2011-05-15 17:30 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Temp
2019-02-08 23:13 - 2009-11-28 23:55 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2019-02-05 09:25 - 2018-12-11 22:30 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCliff
2019-02-04 19:58 - 2017-09-18 15:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-04 19:58 - 2012-04-25 20:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-01 18:04 - 2009-08-20 10:31 - 000000000 ____D C:\ProgramData\Temp
2019-01-31 10:29 - 2009-11-29 07:23 - 000000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2019-01-30 17:14 - 2012-04-25 20:57 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-30 09:33 - 2009-11-29 09:45 - 000000000 ____D C:\Windows\System32\Tasks\Games
2019-01-30 08:26 - 2009-12-30 21:02 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Yahoo!
2019-01-30 08:01 - 2011-05-15 17:30 - 000000000 ____D C:\Program Files (x86)\Coupons.com
2019-01-30 07:13 - 2010-08-29 09:48 - 000000000 ____D C:\Users\Cliff\AppData\Local\CrashDumps
2019-01-30 06:54 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-30 06:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-30 06:46 - 2018-12-23 01:14 - 000000000 ____D C:\Program Files\Java
2019-01-30 06:46 - 2015-09-19 01:09 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 06:46 - 2015-09-19 01:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-29 12:04 - 2010-04-18 13:59 - 000000000 ____D C:\Users\Cliff\Desktop\New folder
2019-01-17 03:06 - 2015-09-19 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-10 16:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2012-10-18 03:38 - 2012-10-18 03:38 - 000000025 _____ () C:\Users\Cliff\AppData\Roaming\bdfvconp.ini
2011-06-02 15:08 - 2011-07-02 09:41 - 000001854 _____ () C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
2019-01-30 07:03 - 2019-02-08 16:03 - 000000317 _____ () C:\Users\Cliff\AppData\Roaming\WB.CFG
2009-12-30 21:18 - 2009-12-30 21:18 - 000000000 _____ () C:\Users\Cliff\AppData\Roaming\wklnhst.dat
2015-05-17 20:02 - 2015-05-17 20:02 - 000000017 _____ () C:\Users\Cliff\AppData\Local\resmon.resmoncfg
2011-05-28 03:48 - 2011-07-23 05:35 - 000001940 _____ () C:\Users\Cliff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 11:32

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Cliff (09-02-2019 17:58:24)
Running from C:\Users\Cliff\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-29 04:38:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2090084819-1613995479-3893764942-500 - Administrator - Disabled)
Cliff (S-1-5-21-2090084819-1613995479-3893764942-1001 - Administrator - Enabled) => C:\Users\Cliff
Guest (S-1-5-21-2090084819-1613995479-3893764942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2090084819-1613995479-3893764942-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2WIREUSBWLANInstaller (HKLM-x32\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version:  - )
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Atlantis Quest (HKLM-x32\...\Atlantis Quest_is1) (Version:  - Playrix Entertainment)
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version:  - )
Azada &reg; (HKLM-x32\...\BFG-Azada) (Version:  - )
Bejeweled 2 Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version:  - Oberon Media)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin) Hidden
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Coupons.com Toolbar (HKLM-x32\...\Coupons.com Toolbar) (Version: 6.2.7.3 - Coupons.com)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D1600 (HKLM-x32\...\{EAE8CF06-28CA-4213-839C-A32817A47E00}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ_SF_06_D1600_SW_Min (HKLM-x32\...\{5727583F-3530-45FD-B09E-7E1CB6C135AD}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Facebook Plug-In (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Haunted Hotel (HKLM-x32\...\BFG-Haunted Hotel) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition Titanic (remove only) (HKLM-x32\...\Hidden Expedition Titanic) (Version:  - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (HKLM-x32\...\{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (HKLM-x32\...\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
James Patterson Women's Murder Club: A Darker Shade of Grey (HKLM-x32\...\BFG-James Patterson Women's Murder Club - A Darker Shade of Grey) (Version:  - )
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Magic Crystals (HKLM-x32\...\Magic Crystals_is1) (Version: 1.0 - MyPlayCity, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.0.6963 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files: Ravenhearst &reg; (HKLM-x32\...\BFG-Mystery Case Files - Ravenhearst) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
Princess Isabella: A Witch's Curse (HKLM-x32\...\BFG-Princess Isabella - A Witch's Curse) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
The Mysterious City: Cairo (HKLM-x32\...\BFG-The Mysterious City - Cairo) (Version:  - )
The Serpent of Isis ™ (HKLM-x32\...\BFG-The Serpent of Isis) (Version:  - )
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Villagers: A New Home (HKLM-x32\...\BFG-Virtual Villagers) (Version:  - )
Virtual Villagers: New Believers (HKLM-x32\...\BFG-Virtual Villagers - New Believers) (Version:  - )
Virtual Villagers: The Lost Children (HKLM-x32\...\BFG-Virtual Villagers The Lost Children) (Version:  - )
Virtual Villagers: The Tree of Life (HKLM-x32\...\BFG-Virtual Villagers - The Tree of Life) (Version:  - )
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Yahoo! BrowserPlus (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-07-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AE736BD-E5A3-41AD-881F-44C90D0C6B4E} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files (x86)\Speed Fix Tool\Splash.exe
Task: {40942083-659A-42E8-A530-C71774EEFEA0} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {45B89FE6-C0D8-4051-87F3-AB08ACD90C59} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {588B6CB4-302D-40DD-ABC2-673F3AE60E82} - System32\Tasks\SpeedFixTool_Start => C:\Program Files (x86)\Speed Fix Tool\SpeedFixTool.exe
Task: {5DA70224-D9EE-433A-A8ED-62982BBA4A43} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink -> CyberLink)
Task: {9027AD15-C426-40E5-B8E6-7A6CB67D2E22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc -> Google Inc.)
Task: {A2D097B7-9F29-460A-A06E-A96F3BE3F153} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AD0D7C6E-A99B-4E75-B21D-4C0F90336ACA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
Task: {B69CD151-2FB8-4882-B084-E10B075A7FC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc -> Google Inc.)
Task: {B76F2725-7903-407E-AA00-C20A3FAAEE2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BBB57A27-4B09-4DEA-8EB6-85794AEEB8D8} - System32\Tasks\HPCeeScheduleForCliff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {C268AC5F-ED91-461D-9254-FEBE73E5F4C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc. -> HP Inc.)
Task: {C2A52C9B-90F2-404A-9CFE-A733A209BC55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2019-01-31] (HP Inc. -> HP Inc.)
Task: {CB1C38AA-395A-48B3-A78F-14EF83EA394F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-12-24] (HP Inc. -> HP Inc.)
Task: {F4DD050A-2AB9-42B6-AA08-618508E1F2AB} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink -> CyberLink Corp.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForCliff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-30 07:33 - 2019-01-31 18:35 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-01-30 07:33 - 2019-01-31 18:35 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 001184256 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 071641088 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libcef.dll
2009-08-05 15:45 - 2009-08-05 15:45 - 000931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 000774656 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 003149824 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libglesv2.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 000078848 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [134]
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9 [225]
AlternateDataStreams: C:\ProgramData\Temp:206470A5 [224]
AlternateDataStreams: C:\ProgramData\Temp:260575F1 [205]
AlternateDataStreams: C:\ProgramData\Temp:27F44544 [229]
AlternateDataStreams: C:\ProgramData\Temp:3C9B05C4 [224]
AlternateDataStreams: C:\ProgramData\Temp:3D36932D [203]
AlternateDataStreams: C:\ProgramData\Temp:61A065F2 [244]
AlternateDataStreams: C:\ProgramData\Temp:70E897B5 [240]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [204]
AlternateDataStreams: C:\ProgramData\Temp:BB71BBA2 [202]
AlternateDataStreams: C:\ProgramData\Temp:C46995DA [192]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [210]
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31 [0]
AlternateDataStreams: C:\ProgramData\Temp:D48500F8 [216]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\pogo.com -> hxxps://games3.pogo.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-02-09 16:55 - 000000064 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: BingSvc => C:\Users\Cliff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{688A56F1-FDA2-4FFA-B68F-8F2FFA1010F1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{BCAB8D7D-B06E-4F91-9848-BAF49DBBF9DB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{B32C144B-4DE9-48C3-AF8C-454EB3FB021B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{64725199-50AB-4865-8EEA-F1AF81019210}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{FB4F5F04-DBC8-4BB4-AEB8-0CFD8C1BFEE6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{FB9999EF-E651-497C-BE13-645246108282}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{CD88ADF7-272C-45DE-9177-13BF8385B046}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00DFF516-9C13-4A32-8DAC-E8375DB803E1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{69542552-B4DA-414A-97E7-CFD983C99B9A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8AE3B823-D1D3-4A1F-8AB5-E4FD5EEEB766}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{A9F66091-4536-484B-9B9B-8672B321EB6A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{83D9D1E5-29B8-4FE9-B458-92DDEFD6E547}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
FirewallRules: [{9C7C5E71-FB71-4C54-9E4A-15D37EF84038}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{F138DBB2-DFC5-4E07-B29D-752EE47A0B0E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{B0EC256E-3727-421F-BCA5-0C4982285708}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BACD8AEE-08D8-4371-8D33-A68F01BAAEBC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
FirewallRules: [{B0DC3A97-8F7F-43FB-B3EB-6C6956E66488}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ACBFBE91-979B-461C-BADC-B5B16D7B58F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3E292212-0E60-44FB-8B3B-0543D9FBF305}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{92DD16B9-5C5B-4CF3-8EC9-9C670872CA4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
FirewallRules: [{5B360EC2-1DB6-4A66-B11B-212AFAAE1110}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
FirewallRules: [{19B4395B-6EE1-4B88-8E78-C02CD2AC70B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C769016F-BDE3-4456-AB11-74C1C109F6ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5FB167C1-24E3-40D7-880C-816CCA3C20EC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{12483BCD-E388-4845-A056-261E213DD828}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{81F282FD-01BC-4AF4-A511-EFEE765F468E}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe No File
FirewallRules: [{94FC05F9-4DA0-4A89-9309-9D8DFA9E9733}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe No File
FirewallRules: [{4DC3E188-88B7-4B16-BFFA-362D2788315B}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\ToolbarUpdate.exe No File
FirewallRules: [{D9233BA6-8D07-4499-9A30-294A5FAEF2B0}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\ToolbarUpdate.exe No File
FirewallRules: [TCP Query User{BE27E60A-3CA7-4F84-8856-275B97EB304A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{898A6F3D-1CB0-4527-8A57-8925B9D5CA7F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{ACA422CE-0718-463E-8F8B-A48411D6C7E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
FirewallRules: [{902E9055-E1D6-41AE-9B92-F7CCDFBD1866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEB8AD48-0461-40DC-BD93-081D32200F0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FE529841-CBAD-44F7-BB94-F846EB5884B6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FA7020EA-6ADD-4D07-83F3-7516131C034A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EFC02469-43C6-4E90-B996-E2BE5156BCD5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{385B6083-2BDF-4467-8618-A775EE509840}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BFF97D1B-ED54-4962-B3B9-969376BE5ED7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F2F5F231-A31B-4971-8AC6-3B25875647AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)

==================== Restore Points =========================

27-01-2019 15:27:20 Windows Update
29-01-2019 11:46:56 Removed Apple Application Support (32-bit)
29-01-2019 12:05:27 Installed Java 7 Update 72 (64-bit)
29-01-2019 12:17:44 Removed iTunes
29-01-2019 12:27:23 Removed Bonjour
29-01-2019 13:32:28 Removed Apple Application Support (64-bit)
29-01-2019 13:40:19 Removed Apple Mobile Device Support
29-01-2019 13:43:56 Removed Apple Application Support (32-bit)
29-01-2019 13:50:11 Removed Apple Software Update
30-01-2019 08:47:33 Checkpoint by HitmanPro
30-01-2019 08:57:11 Checkpoint by HitmanPro
03-02-2019 16:37:31 Windows Update
08-02-2019 23:37:42 Restore Point Created by FRST
09-02-2019 07:42:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: TSSTcorp CDDVDW TS-H653R SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2019 11:36:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fd462639-c428-46f5-b22c-1d841420fc22}

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001EDF0E0.72).  hr = 0x80070005, Access is denied.
.

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b4,(null),0,REG_BINARY,00000000016CE450.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {feb8b191-4fb2-4ac2-ac05-5e86cae036ae}

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b4,(null),0,REG_BINARY,00000000016CE450.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {feb8b191-4fb2-4ac2-ac05-5e86cae036ae}

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,(null),0,REG_BINARY,000000001482E380.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9bd5bdcd-189a-4657-bbd3-afde1040950e}

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,(null),0,REG_BINARY,000000001482E380.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9bd5bdcd-189a-4657-bbd3-afde1040950e}

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009e4,(null),0,REG_BINARY,000000000522E4C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {45af5186-7188-45f9-8eff-d336f21eb9e6}

Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001F9EF00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {a72b7ff6-da50-48d7-87d6-f0b7ceb714e2}


System errors:
=============
Error: (02/09/2019 05:02:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
mfehidk

Error: (02/09/2019 05:01:53 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (02/09/2019 05:00:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/09/2019 05:00:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/09/2019 05:00:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/09/2019 05:00:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/09/2019 05:00:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HitmanPro Scheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/08/2019 11:54:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
mfehidk


CodeIntegrity:
===================================

Date: 2013-02-21 10:48:53.113
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 01:27:35.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-21 00:18:43.104
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-20 23:56:24.889
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-20 23:49:15.994
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-20 23:33:51.871
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-20 23:23:30.998
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-20 23:16:21.592
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1200
Percentage of memory in use: 84%
Total physical RAM: 2942.49 MB
Available physical RAM: 451.2 MB
Total Virtual: 5883.13 MB
Available Virtual: 2953.58 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:205.32 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f9944445-9e41-11de-8479-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#7
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

How is the computer doing? Do any of the problems persist?

Thanks.
  • 0

#8
emaan9301

    Member

  • Topic Starter
  • Member
  • 115 posts

We can't use Java again, but I'm hoping that will be an easy fix now that everything else is working right.  Fingers crossed.

Thank you for helping us out.


  • 0

#9
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Outdated versions of Java are a security risk. It's best to update to the newest version to avoid unpatched security holes - here is a link to the Java download page.

Uninstall FRST
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.
---------------------

Here are some tips to keep your computer safe on the Internet:

Keep your antivirus up to date and enabled. If you use Windows 8.1 or 10, using Windows Defender is sufficient protection. However, if you use Windows 7, running an antivirus is recommended. Some good AVs are Microsoft Security Essentials, BitDefender, or Kaspersky.


Keep your Windows operating system up to date. Make sure the Automatic Updates feature on your computer is enabled, so Windows can install updates automatically and keep your system up to date. Additionally, make sure to keep your third party software (such as Java, Adobe Flash, and Web browsers) up to date as well.


Use secure passwords. Make sure your passwords are complex and difficult to guess. There are password managers (for example, Bitwarden) that can help you keep track of your passwords and use secure passwords. Make sure to use a different password at every website that requires a login.


Don't download attachments without knowing what they are. Do not download any email attachments that end with an extension of .exe, .pif, .com, or .bat. When downloading third party software, make sure to download it from the developer. Also, un-check offers of additional software when installing some software you want.


Be cautious when using P2P software such as BitTorrent or uTorrent. Often these are used for the downloading of pirated software. Avoid pirated/cracked software, as it is one of the top ways that computer users get malware infections.

Here are some guides for you to read about keeping your computer safe -

Keep your computer safe on the Internet

Answers to common security questions

If you ever have any malware infections on your computer (hopefully not) you can always come back here for help.

Safe surfing! :)
  • 0

#10
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





