Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {7533AE27-277B-4A5D-B7B0-CE504A91C310} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL =
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll => No File
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2019-02-08 16:03 - 2019-02-08 16:03 - 000279269 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc
2019-01-29 12:12 - 2019-01-29 12:12 - 000002257 _____ C:\Users\Cliff\Desktop\Chromium.lnk
2019-01-29 12:11 - 2019-01-29 12:12 - 000000000 ____D C:\Users\Cliff\AppData\Local\chromium
2019-01-29 12:03 - 2019-02-08 16:03 - 000000272 _____ C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job
2019-01-29 12:03 - 2019-01-29 12:03 - 000003212 _____ C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}
2019-01-29 12:03 - 2019-01-29 12:03 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec
Task: {6B262C11-D0F9-48B3-BEAC-16AD0D9362E7} - System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec\Pemam.exe [2013-05-04] () [File not signed]
Task: C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => C:\Users\Cliff\AppData\Roaming\459D8C~1\Pemam.exe <==== ATTENTION
MSCONFIG\startupreg: Chromium => "c:\users\cliff\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
FirewallRules: [{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}] => (Allow) C:\Users\Cliff\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)
VirusTotal: C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
Hosts:
C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect
End::

Right-click on FRST/FRST64 and select Run as Administrator.
Thank you. The first difference I see after the reboot is the desktop icon for Chromium is now gone.
Here is the requested information.
Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Cliff (08-02-2019 23:36:40) Run:1
Running from C:\Users\Cliff\Desktop
Loaded Profiles: Cliff & (Available Profiles: Cliff)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {7533AE27-277B-4A5D-B7B0-CE504A91C310} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {4E546D24-C8B3-480B-AAF7-00DB4D53052D} URL =
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll => No File
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
2019-02-08 16:03 - 2019-02-08 16:03 - 000378880 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe
2019-02-08 16:03 - 2019-02-08 16:03 - 000279269 _____ C:\Users\Cliff\AppData\Roaming\Rahosoleboc
2019-01-29 12:12 - 2019-01-29 12:12 - 000002257 _____ C:\Users\Cliff\Desktop\Chromium.lnk
2019-01-29 12:11 - 2019-01-29 12:12 - 000000000 ____D C:\Users\Cliff\AppData\Local\chromium
2019-01-29 12:03 - 2019-02-08 16:03 - 000000272 _____ C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job
2019-01-29 12:03 - 2019-01-29 12:03 - 000003212 _____ C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}
2019-01-29 12:03 - 2019-01-29 12:03 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec
Task: {6B262C11-D0F9-48B3-BEAC-16AD0D9362E7} - System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec\Pemam.exe [2013-05-04] () [File not signed]
Task: C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => C:\Users\Cliff\AppData\Roaming\459D8C~1\Pemam.exe <==== ATTENTION
MSCONFIG\startupreg: Chromium => "c:\users\cliff\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
FirewallRules: [{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}] => (Allow) C:\Users\Cliff\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)
VirusTotal: C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
Hosts:
C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect
*****************
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => removed successfully
HKLM\Software\Classes\CLSID\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => not found
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => removed successfully
HKLM\Software\Classes\CLSID\{4E546D24-C8B3-480B-AAF7-00DB4D53052D} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => removed successfully
"HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}" => removed successfully
HKLM\Software\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => not found
"HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
CHR HKU\S-1-5-21-2090084819-1613995479-3893764942-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02082019153947174\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol => removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
"C:\Users\Cliff\AppData\Roaming\Rahosoleboc.exe" => not found
C:\Users\Cliff\AppData\Roaming\Rahosoleboc => moved successfully
C:\Users\Cliff\Desktop\Chromium.lnk => moved successfully
C:\Users\Cliff\AppData\Local\chromium => moved successfully
C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job => moved successfully
C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC} => moved successfully
C:\Users\Cliff\AppData\Roaming\459d8c466d48f90eb33a24d33edd0eec => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B262C11-D0F9-48B3-BEAC-16AD0D9362E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B262C11-D0F9-48B3-BEAC-16AD0D9362E7}" => removed successfully
"C:\Windows\System32\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}" => removed successfully
"C:\Windows\Tasks\{459D8C46-6D48-F90E-B33A-24D33EDD0EEC}.job" => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chromium => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0F52F53-CFCD-4EE5-BCEF-29B3C9655706}" => removed successfully
VirusTotal: C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml => https://www.virustot...sis/1503859188/
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9536048 B
Java, Flash, Steam htmlcache => 1370 B
Windows/system/drivers => 1616339321 B
Edge => 0 B
Chrome => 528862972 B
Firefox => 1082534624 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 83293 B
LocalService => 132244 B
NetworkService => 854412 B
Cliff => 406426330 B
RecycleBin => 76440725 B
EmptyTemp: => 3.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 23:52:09 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-09-2019
# Duration: 00:00:07
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
Deleted MSN Homepage & Bing Search Engine
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5935 octets] - [30/01/2019 08:21:25]
AdwCleaner[C00].txt - [5085 octets] - [30/01/2019 08:26:26]
AdwCleaner[S01].txt - [1408 octets] - [09/02/2019 17:00:26]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/9/19
Scan Time: 5:09 PM
Log File: 5d41e660-2cb7-11e9-b8e2-0026188e205a.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.9190
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cliff-PC\Cliff
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 249055
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 22 min, 12 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Cliff (administrator) on CLIFF-PC (09-02-2019 17:55:14)
Running from C:\Users\Cliff\Desktop
Loaded Profiles: Cliff (Available Profiles: Cliff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Facebook) C:\Users\Cliff\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The CefSharp Authors) C:\Users\Cliff\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-05-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-09-24]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Cliff\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{123328CA-34DB-4459-9810-C05E85BF971E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{68E0E2FA-013C-4444-B5C0-85773DEA4C53}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Internet Explorer:
==================
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
URLSearchHook: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BDE0AB9D-F217-4738-8BAC-5C2853054AD1} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {2DF0F6B9-0055-471B-B06A-C38F564E21D0} URL = hxxp://www.bing.com/search?FORM=SL5GDF&PC=SL5G&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {CCE505CE-69F9-42AA-A2CB-CA7BB1E1BFD0} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}394038
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FireFox:
========
FF DefaultProfile: dhajm7rv.default-1469742683247-1527433105574
FF ProfilePath: C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\dhajm7rv.default-1469742683247-1527433105574 [2019-02-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-13] [Legacy] [not signed]
FF HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2019-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2019-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Cliff\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-2090084819-1613995479-3893764942-1001: @yahoo.com/BrowserPlus,version=2.4.21 -> C:\Users\Cliff\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll [2009-11-12] (Yahoo! Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Slides) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Google Search) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Sheets) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-04]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2019-01-30] (SurfRight B.V. -> SurfRight B.V.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc. -> McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1208320 2009-07-09] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-01-31] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-01-31] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc. -> McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc. -> McAfee, Inc.)
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Apple, Inc.) [File not signed]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S1 mfehidk; system32\drivers\mfehidk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 17:55 - 2019-02-09 17:57 - 000016773 _____ C:\Users\Cliff\Desktop\FRST.txt
2019-02-09 17:03 - 2019-02-09 17:03 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-09 17:03 - 2019-02-09 17:03 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-09 17:03 - 2019-02-09 17:03 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-09 17:03 - 2019-02-09 17:03 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-09 16:57 - 2019-02-09 16:58 - 007316688 _____ (Malwarebytes) C:\Users\Cliff\Desktop\adwcleaner_7.2.7.0.exe
2019-02-08 16:32 - 2019-02-09 17:55 - 000000000 ____D C:\FRST
2019-02-08 16:31 - 2019-02-08 16:32 - 002434048 _____ (Farbar) C:\Users\Cliff\Desktop\FRST64.exe
2019-01-31 18:38 - 2019-01-31 18:38 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-30 09:04 - 2019-01-30 09:04 - 000000000 ____D C:\Windows\pss
2019-01-30 08:57 - 2019-01-30 08:57 - 000004174 _____ C:\Windows\system32\.crusader
2019-01-30 08:40 - 2019-01-30 08:40 - 000001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-01-30 08:39 - 2019-01-30 08:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-01-30 08:39 - 2019-01-30 08:40 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-30 08:37 - 2019-01-30 08:58 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-30 08:35 - 2019-01-30 08:39 - 011576808 _____ (SurfRight B.V.) C:\Users\Cliff\Downloads\HitmanPro_x64.exe
2019-01-30 08:19 - 2019-01-30 08:26 - 000000000 ____D C:\AdwCleaner
2019-01-30 08:15 - 2019-01-30 08:17 - 007320272 _____ (Malwarebytes) C:\Users\Cliff\Downloads\AdwCleaner.exe
2019-01-30 07:34 - 2019-01-30 07:34 - 000000000 ____D C:\Users\Cliff\AppData\Local\mbamtray
2019-01-30 07:34 - 2019-01-30 07:34 - 000000000 ____D C:\Users\Cliff\AppData\Local\mbam
2019-01-30 07:33 - 2019-01-31 18:35 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-30 07:33 - 2019-01-30 07:33 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-30 07:33 - 2019-01-30 07:33 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-30 07:20 - 2019-01-30 07:32 - 080262528 _____ (Malwarebytes ) C:\Users\Cliff\Downloads\mb3-setup-1878.1878-3.6.1.2711.exe
2019-01-30 07:03 - 2019-02-08 16:03 - 000000317 _____ C:\Users\Cliff\AppData\Roaming\WB.CFG
2019-01-29 12:07 - 2019-01-29 12:06 - 000319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2019-01-29 12:06 - 2019-01-29 12:06 - 000111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-01-29 12:06 - 2019-01-29 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-29 11:19 - 2019-01-29 11:20 - 001211216 _____ (Oracle Corporation) C:\Users\Cliff\Downloads\JavaUninstallTool.exe
2019-01-22 20:29 - 2019-01-22 20:42 - 000000000 ____D C:\Users\Cliff\AppData\Roaming\Apple Computer
2019-01-22 20:29 - 2019-01-22 20:29 - 000000000 ____D C:\Users\Cliff\AppData\Local\Apple Computer
2019-01-22 20:24 - 2019-01-22 20:24 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-22 20:20 - 2019-01-22 20:20 - 000000000 ____D C:\Users\Cliff\AppData\Local\Apple
2019-01-22 20:17 - 2019-01-29 13:48 - 000000000 ____D C:\ProgramData\Apple
2019-01-22 14:24 - 2019-01-22 15:05 - 269393736 _____ (Apple Inc.) C:\Users\Cliff\Downloads\iTunes64Setup.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 17:39 - 2009-07-13 23:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-09 17:39 - 2009-07-13 23:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-09 17:04 - 2017-09-27 12:46 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Mozilla
2019-02-09 17:02 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-09 16:55 - 2018-05-19 11:25 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2019-02-08 23:54 - 2018-12-11 22:30 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForCliff.job
2019-02-08 23:51 - 2011-05-15 17:30 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Temp
2019-02-08 23:13 - 2009-11-28 23:55 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2019-02-05 09:25 - 2018-12-11 22:30 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCliff
2019-02-04 19:58 - 2017-09-18 15:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-04 19:58 - 2012-04-25 20:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-01 18:04 - 2009-08-20 10:31 - 000000000 ____D C:\ProgramData\Temp
2019-01-31 10:29 - 2009-11-29 07:23 - 000000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2019-01-30 17:14 - 2012-04-25 20:57 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-30 09:33 - 2009-11-29 09:45 - 000000000 ____D C:\Windows\System32\Tasks\Games
2019-01-30 08:26 - 2009-12-30 21:02 - 000000000 ____D C:\Users\Cliff\AppData\LocalLow\Yahoo!
2019-01-30 08:01 - 2011-05-15 17:30 - 000000000 ____D C:\Program Files (x86)\Coupons.com
2019-01-30 07:13 - 2010-08-29 09:48 - 000000000 ____D C:\Users\Cliff\AppData\Local\CrashDumps
2019-01-30 06:54 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-30 06:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-30 06:46 - 2018-12-23 01:14 - 000000000 ____D C:\Program Files\Java
2019-01-30 06:46 - 2015-09-19 01:09 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 06:46 - 2015-09-19 01:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-29 12:04 - 2010-04-18 13:59 - 000000000 ____D C:\Users\Cliff\Desktop\New folder
2019-01-17 03:06 - 2015-09-19 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-10 16:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
==================== Files in the root of some directories =======
2012-10-18 03:38 - 2012-10-18 03:38 - 000000025 _____ () C:\Users\Cliff\AppData\Roaming\bdfvconp.ini
2011-06-02 15:08 - 2011-07-02 09:41 - 000001854 _____ () C:\Users\Cliff\AppData\Roaming\GhostObjGAFix.xml
2019-01-30 07:03 - 2019-02-08 16:03 - 000000317 _____ () C:\Users\Cliff\AppData\Roaming\WB.CFG
2009-12-30 21:18 - 2009-12-30 21:18 - 000000000 _____ () C:\Users\Cliff\AppData\Roaming\wklnhst.dat
2015-05-17 20:02 - 2015-05-17 20:02 - 000000017 _____ () C:\Users\Cliff\AppData\Local\resmon.resmoncfg
2011-05-28 03:48 - 2011-07-23 05:35 - 000001940 _____ () C:\Users\Cliff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-02 11:32
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Cliff (09-02-2019 17:58:24)
Running from C:\Users\Cliff\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-29 04:38:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2090084819-1613995479-3893764942-500 - Administrator - Disabled)
Cliff (S-1-5-21-2090084819-1613995479-3893764942-1001 - Administrator - Enabled) => C:\Users\Cliff
Guest (S-1-5-21-2090084819-1613995479-3893764942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2090084819-1613995479-3893764942-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2WIREUSBWLANInstaller (HKLM-x32\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version: - )
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Atlantis Quest (HKLM-x32\...\Atlantis Quest_is1) (Version: - Playrix Entertainment)
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version: - )
Azada ® (HKLM-x32\...\BFG-Azada) (Version: - )
Bejeweled 2 Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version: - Oberon Media)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version: - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version: - PopCap Games)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin) Hidden
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Coupons.com Toolbar (HKLM-x32\...\Coupons.com Toolbar) (Version: 6.2.7.3 - Coupons.com)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D1600 (HKLM-x32\...\{EAE8CF06-28CA-4213-839C-A32817A47E00}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ_SF_06_D1600_SW_Min (HKLM-x32\...\{5727583F-3530-45FD-B09E-7E1CB6C135AD}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Facebook Plug-In (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Haunted Hotel (HKLM-x32\...\BFG-Haunted Hotel) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition Titanic (remove only) (HKLM-x32\...\Hidden Expedition Titanic) (Version: - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (HKLM-x32\...\{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (HKLM-x32\...\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
James Patterson Women's Murder Club: A Darker Shade of Grey (HKLM-x32\...\BFG-James Patterson Women's Murder Club - A Darker Shade of Grey) (Version: - )
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Magic Crystals (HKLM-x32\...\Magic Crystals_is1) (Version: 1.0 - MyPlayCity, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 65.0.0.6963 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files: Ravenhearst ® (HKLM-x32\...\BFG-Mystery Case Files - Ravenhearst) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
Princess Isabella: A Witch's Curse (HKLM-x32\...\BFG-Princess Isabella - A Witch's Curse) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
The Mysterious City: Cairo (HKLM-x32\...\BFG-The Mysterious City - Cairo) (Version: - )
The Serpent of Isis ™ (HKLM-x32\...\BFG-The Serpent of Isis) (Version: - )
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Villagers: A New Home (HKLM-x32\...\BFG-Virtual Villagers) (Version: - )
Virtual Villagers: New Believers (HKLM-x32\...\BFG-Virtual Villagers - New Believers) (Version: - )
Virtual Villagers: The Lost Children (HKLM-x32\...\BFG-Virtual Villagers The Lost Children) (Version: - )
Virtual Villagers: The Tree of Life (HKLM-x32\...\BFG-Virtual Villagers - The Tree of Life) (Version: - )
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Yahoo! BrowserPlus (HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-07-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2AE736BD-E5A3-41AD-881F-44C90D0C6B4E} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files (x86)\Speed Fix Tool\Splash.exe
Task: {40942083-659A-42E8-A530-C71774EEFEA0} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {45B89FE6-C0D8-4051-87F3-AB08ACD90C59} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {588B6CB4-302D-40DD-ABC2-673F3AE60E82} - System32\Tasks\SpeedFixTool_Start => C:\Program Files (x86)\Speed Fix Tool\SpeedFixTool.exe
Task: {5DA70224-D9EE-433A-A8ED-62982BBA4A43} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink -> CyberLink)
Task: {9027AD15-C426-40E5-B8E6-7A6CB67D2E22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc -> Google Inc.)
Task: {A2D097B7-9F29-460A-A06E-A96F3BE3F153} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AD0D7C6E-A99B-4E75-B21D-4C0F90336ACA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
Task: {B69CD151-2FB8-4882-B084-E10B075A7FC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc -> Google Inc.)
Task: {B76F2725-7903-407E-AA00-C20A3FAAEE2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BBB57A27-4B09-4DEA-8EB6-85794AEEB8D8} - System32\Tasks\HPCeeScheduleForCliff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {C268AC5F-ED91-461D-9254-FEBE73E5F4C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc. -> HP Inc.)
Task: {C2A52C9B-90F2-404A-9CFE-A733A209BC55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2019-01-31] (HP Inc. -> HP Inc.)
Task: {CB1C38AA-395A-48B3-A78F-14EF83EA394F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-12-24] (HP Inc. -> HP Inc.)
Task: {F4DD050A-2AB9-42B6-AA08-618508E1F2AB} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink -> CyberLink Corp.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForCliff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2019-01-30 07:33 - 2019-01-31 18:35 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-01-30 07:33 - 2019-01-31 18:35 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 001184256 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 071641088 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libcef.dll
2009-08-05 15:45 - 2009-08-05 15:45 - 000931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 000774656 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 003149824 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libglesv2.dll
2018-05-03 10:03 - 2018-05-03 10:03 - 000078848 _____ () C:\Users\Cliff\AppData\Local\Facebook\Games\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [134]
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9 [225]
AlternateDataStreams: C:\ProgramData\Temp:206470A5 [224]
AlternateDataStreams: C:\ProgramData\Temp:260575F1 [205]
AlternateDataStreams: C:\ProgramData\Temp:27F44544 [229]
AlternateDataStreams: C:\ProgramData\Temp:3C9B05C4 [224]
AlternateDataStreams: C:\ProgramData\Temp:3D36932D [203]
AlternateDataStreams: C:\ProgramData\Temp:61A065F2 [244]
AlternateDataStreams: C:\ProgramData\Temp:70E897B5 [240]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [204]
AlternateDataStreams: C:\ProgramData\Temp:BB71BBA2 [202]
AlternateDataStreams: C:\ProgramData\Temp:C46995DA [192]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [210]
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31 [0]
AlternateDataStreams: C:\ProgramData\Temp:D48500F8 [216]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\...\pogo.com -> hxxps://games3.pogo.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2019-02-09 16:55 - 000000064 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2090084819-1613995479-3893764942-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: BingSvc => C:\Users\Cliff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{688A56F1-FDA2-4FFA-B68F-8F2FFA1010F1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{BCAB8D7D-B06E-4F91-9848-BAF49DBBF9DB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{B32C144B-4DE9-48C3-AF8C-454EB3FB021B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{64725199-50AB-4865-8EEA-F1AF81019210}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{FB4F5F04-DBC8-4BB4-AEB8-0CFD8C1BFEE6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{FB9999EF-E651-497C-BE13-645246108282}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{CD88ADF7-272C-45DE-9177-13BF8385B046}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{00DFF516-9C13-4A32-8DAC-E8375DB803E1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{69542552-B4DA-414A-97E7-CFD983C99B9A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{8AE3B823-D1D3-4A1F-8AB5-E4FD5EEEB766}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{A9F66091-4536-484B-9B9B-8672B321EB6A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{83D9D1E5-29B8-4FE9-B458-92DDEFD6E547}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
FirewallRules: [{9C7C5E71-FB71-4C54-9E4A-15D37EF84038}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{F138DBB2-DFC5-4E07-B29D-752EE47A0B0E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{B0EC256E-3727-421F-BCA5-0C4982285708}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BACD8AEE-08D8-4371-8D33-A68F01BAAEBC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
FirewallRules: [{B0DC3A97-8F7F-43FB-B3EB-6C6956E66488}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ACBFBE91-979B-461C-BADC-B5B16D7B58F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3E292212-0E60-44FB-8B3B-0543D9FBF305}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{92DD16B9-5C5B-4CF3-8EC9-9C670872CA4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
FirewallRules: [{5B360EC2-1DB6-4A66-B11B-212AFAAE1110}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
FirewallRules: [{19B4395B-6EE1-4B88-8E78-C02CD2AC70B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C769016F-BDE3-4456-AB11-74C1C109F6ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5FB167C1-24E3-40D7-880C-816CCA3C20EC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{12483BCD-E388-4845-A056-261E213DD828}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{81F282FD-01BC-4AF4-A511-EFEE765F468E}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe No File
FirewallRules: [{94FC05F9-4DA0-4A89-9309-9D8DFA9E9733}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe No File
FirewallRules: [{4DC3E188-88B7-4B16-BFFA-362D2788315B}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\ToolbarUpdate.exe No File
FirewallRules: [{D9233BA6-8D07-4499-9A30-294A5FAEF2B0}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\ToolbarUpdate.exe No File
FirewallRules: [TCP Query User{BE27E60A-3CA7-4F84-8856-275B97EB304A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{898A6F3D-1CB0-4527-8A57-8925B9D5CA7F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{ACA422CE-0718-463E-8F8B-A48411D6C7E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
FirewallRules: [{902E9055-E1D6-41AE-9B92-F7CCDFBD1866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEB8AD48-0461-40DC-BD93-081D32200F0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FE529841-CBAD-44F7-BB94-F846EB5884B6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FA7020EA-6ADD-4D07-83F3-7516131C034A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EFC02469-43C6-4E90-B996-E2BE5156BCD5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{385B6083-2BDF-4467-8618-A775EE509840}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BFF97D1B-ED54-4962-B3B9-969376BE5ED7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F2F5F231-A31B-4971-8AC6-3B25875647AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
==================== Restore Points =========================
27-01-2019 15:27:20 Windows Update
29-01-2019 11:46:56 Removed Apple Application Support (32-bit)
29-01-2019 12:05:27 Installed Java 7 Update 72 (64-bit)
29-01-2019 12:17:44 Removed iTunes
29-01-2019 12:27:23 Removed Bonjour
29-01-2019 13:32:28 Removed Apple Application Support (64-bit)
29-01-2019 13:40:19 Removed Apple Mobile Device Support
29-01-2019 13:43:56 Removed Apple Application Support (32-bit)
29-01-2019 13:50:11 Removed Apple Software Update
30-01-2019 08:47:33 Checkpoint by HitmanPro
30-01-2019 08:57:11 Checkpoint by HitmanPro
03-02-2019 16:37:31 Windows Update
08-02-2019 23:37:42 Restore Point Created by FRST
09-02-2019 07:42:46 Windows Update
==================== Faulty Device Manager Devices =============
Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: TSSTcorp CDDVDW TS-H653R SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/08/2019 11:36:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fd462639-c428-46f5-b22c-1d841420fc22}
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001EDF0E0.72). hr = 0x80070005, Access is denied.
.
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b4,(null),0,REG_BINARY,00000000016CE450.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {feb8b191-4fb2-4ac2-ac05-5e86cae036ae}
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b4,(null),0,REG_BINARY,00000000016CE450.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {feb8b191-4fb2-4ac2-ac05-5e86cae036ae}
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,(null),0,REG_BINARY,000000001482E380.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bd5bdcd-189a-4657-bbd3-afde1040950e}
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c8,(null),0,REG_BINARY,000000001482E380.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bd5bdcd-189a-4657-bbd3-afde1040950e}
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009e4,(null),0,REG_BINARY,000000000522E4C0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {45af5186-7188-45f9-8eff-d336f21eb9e6}
Error: (01/30/2019 08:58:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001F9EF00.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {a72b7ff6-da50-48d7-87d6-f0b7ceb714e2}
System errors:
=============
Error: (02/09/2019 05:02:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
mfehidk
Error: (02/09/2019 05:01:53 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
Error: (02/09/2019 05:00:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/09/2019 05:00:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
Error: (02/09/2019 05:00:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/09/2019 05:00:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/09/2019 05:00:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HitmanPro Scheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (02/08/2019 11:54:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
mfehidk
CodeIntegrity:
===================================
Date: 2013-02-21 10:48:53.113
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-21 01:27:35.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-21 00:18:43.104
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-20 23:56:24.889
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-20 23:49:15.994
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-20 23:33:51.871
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-20 23:23:30.998
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-20 23:16:21.592
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00089_003\midas64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Sempron Processor LE-1200
Percentage of memory in use: 84%
Total physical RAM: 2942.49 MB
Available physical RAM: 451.2 MB
Total Virtual: 5883.13 MB
Available Virtual: 2953.58 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:205.32 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{f9944445-9e41-11de-8479-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
We can't use Java again, but I'm hoping that will be an easy fix now that everything else is working right. Fingers crossed.
Thank you for helping us out.
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.