[SOLVED] Windows Update kb4471318 Failed

DMHdragons

My Windows update for KB4471318 has failed multiple times. I found the Windows update forum here and was following the instructions. I got to the point of installing and running SFCFix, and the warning in that program said to make sure there was no malware installed before running it. So that is what I'm doing.

I have followed the instructions in the malware removal posting instructions and downloaded the Farbar Recovery Scan Tool.

Scan logs to follow.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09.12.2018
Ran by Delacia (administrator) on DELACIA-PC (16-12-2018 15:31:27)
Running from C:\Users\Delacia\Desktop
Loaded Profiles: Delacia (Available Profiles: Delacia & Delacia_2)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe
(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dashlane, Inc.) C:\Users\Delacia\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane, Inc.) C:\Users\Delacia\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-02-26] (IDT, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Run: [Dashlane] => C:\Users\Delacia\AppData\Roaming\Dashlane\Dashlane.exe [391248 2018-11-27] (Dashlane, Inc.)
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Run: [DashlanePlugin] => C:\Users\Delacia\AppData\Roaming\Dashlane\DashlanePlugin.exe [404560 2018-11-27] (Dashlane, Inc.)
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk [2010-05-12]
ShortcutTarget: HP Media Suite.lnk -> C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe (ArcSoft Inc.)
Startup: C:\Users\Delacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-01-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{427451A2-3F51-49B4-B04B-1EC7CE825D6D}: [DhcpNameServer] 192.168.0.1 205.171.3.25


Internet Explorer:
==================
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5459096D-9E9C-4109-8D4F-8CA711CB7525} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {780356D3-EEAB-446C-9450-7F453804D1FD} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> DefaultScope {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> {5459096D-9E9C-4109-8D4F-8CA711CB7525} URL =
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> {780356D3-EEAB-446C-9450-7F453804D1FD} URL =
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Delacia\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2018-11-27] (Dashlane, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-12] (Sun Microsystems, Inc.)
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Delacia\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2018-11-27] (Dashlane, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)


FireFox:
========
FF DefaultProfile: Edit Note: Email address removed by Corrine.
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-17] (Google Inc.)


Chrome:
=======
CHR Profile: C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-28]
CHR Extension: (Docs) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-28]
CHR Extension: (Google Drive) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-28]
CHR Extension: (Translator) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blndkmebkmenignoajhoemebccmmfjib [2018-12-09]
CHR Extension: (YouTube) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-28]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2018-12-09]
CHR Extension: (Sheets) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-28]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2018-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-15]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-03-31] (DeviceVM, Inc.)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [238328 2010-01-04] (WildTangent, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\STacSV.exe [229458 2010-02-26] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-12-16 15:17 - 2018-12-16 15:20 - 000027324 _____ C:\Users\Delacia\Desktop\Addition.txt
2018-12-16 15:11 - 2018-12-16 15:33 - 000012978 _____ C:\Users\Delacia\Desktop\FRST.txt
2018-12-16 15:10 - 2018-12-16 15:31 - 000000000 ____D C:\FRST
2018-12-16 14:14 - 2018-12-16 14:17 - 001776640 _____ (Farbar) C:\Users\Delacia\Desktop\FRST.exe
2018-12-16 13:13 - 2018-12-16 13:13 - 000000000 ____D C:\Users\Delacia\AppData\Local\niemiro
2018-12-16 13:12 - 2018-12-16 13:12 - 002884096 _____ (niemiro) C:\Users\Delacia\Downloads\SFCFix.exe
2018-12-16 12:59 - 2018-12-16 12:59 - 000000000 ____D C:\Users\Delacia\AppData\Local\ElevatedDiagnostics
2018-12-16 12:39 - 2018-12-16 12:39 - 000313366 _____ C:\Users\Delacia\Downloads\WindowsUpdate.diagcab
2018-12-09 15:31 - 2018-12-09 15:31 - 000238892 _____ C:\Users\Delacia\Documents\cc_20181209_153111.reg
2018-12-09 13:26 - 2018-12-09 13:26 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-09 13:26 - 2018-12-09 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-09 13:25 - 2018-12-09 13:26 - 000000000 ____D C:\Program Files\CCleaner
2018-12-09 12:47 - 2018-12-09 13:24 - 018177128 _____ (Piriform Software Ltd) C:\Users\Delacia\Downloads\ccsetup550.exe
2018-12-09 11:03 - 2018-12-09 11:03 - 000000000 ____D C:\Users\Delacia\AppData\LocalLow\Dashlane
2018-12-09 11:02 - 2018-12-09 11:02 - 000001885 _____ C:\Users\Delacia\Desktop\Dashlane.lnk
2018-12-09 11:02 - 2018-12-09 11:02 - 000001699 _____ C:\Users\Delacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk
2018-12-09 11:01 - 2018-12-09 11:01 - 000000000 ____D C:\Program Files\Dashlane
2018-12-09 10:52 - 2018-12-09 11:03 - 000000000 ____D C:\Users\Delacia\AppData\Roaming\Dashlane
2018-12-09 10:52 - 2018-12-09 10:52 - 000000000 ____D C:\Users\Delacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2018-12-09 10:52 - 2018-12-09 10:52 - 000000000 ____D C:\Users\Delacia\AppData\Local\Packages
2018-12-09 10:48 - 2018-12-09 10:50 - 000845680 _____ (Dashlane Inc.) C:\Users\Delacia\Downloads\DashlaneInst.exe
2018-12-09 09:07 - 2018-06-08 06:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-12-09 09:06 - 2018-06-13 10:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-12-09 09:06 - 2018-06-13 08:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-11-24 16:37 - 2018-11-24 16:37 - 000000000 ____D C:\Users\Delacia\AppData\Local\Microsoft Corporation
2018-11-24 16:36 - 2018-11-24 16:36 - 000002085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2018-11-24 16:36 - 2018-11-24 16:36 - 000000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2018-11-24 16:32 - 2018-11-24 16:32 - 008669472 _____ (Microsoft Corporation) C:\Users\Delacia_2\Downloads\Windows7UpgradeAdvisorSetup.exe
2018-11-24 16:29 - 2018-11-24 16:29 - 000000000 ____D C:\Users\Delacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-12-16 15:16 - 2009-09-06 16:02 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-16 15:16 - 2009-07-13 21:34 - 000014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-16 15:16 - 2009-07-13 21:34 - 000014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-16 15:16 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
2018-12-16 15:08 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-15 09:00 - 2016-12-25 21:56 - 000000000 ____D C:\Windows\system32\MRT
2018-12-15 08:50 - 2016-12-25 21:56 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-15 07:58 - 2016-12-25 21:49 - 000083208 _____ C:\Users\Delacia\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-15 07:57 - 2009-07-13 21:33 - 000334832 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-10 15:04 - 2016-12-25 21:55 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-09 14:47 - 2018-01-28 08:46 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-09 14:47 - 2018-01-28 08:46 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-09 14:43 - 2009-09-06 16:51 - 000000000 ____D C:\Windows\Panther
2018-12-09 12:18 - 2017-07-23 11:34 - 000000000 ____D C:\Windows\system32\appraiser


Some files in TEMP:
====================
2016-12-26 09:34 - 2016-12-26 09:34 - 000077824 _____ (Eclipse Foundation) C:\Users\Delacia_2\AppData\Local\Temp\swt-gdip-win32-3448.dll
2016-12-26 09:34 - 2016-12-26 09:34 - 000335872 _____ (Eclipse Foundation) C:\Users\Delacia_2\AppData\Local\Temp\swt-win32-3448.dll
2016-12-26 09:34 - 2018-01-27 08:23 - 000198144 _____ () C:\Users\Delacia_2\AppData\Local\Temp\WindowsAPI.dll


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-12-16 14:54
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09.12.2018
Ran by Delacia (16-12-2018 15:34:49)
Running from C:\Users\Delacia\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2016-12-26 04:42:53)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-258222910-2402859807-2480419078-500 - Administrator - Disabled)
Delacia (S-1-5-21-258222910-2402859807-2480419078-1000 - Administrator - Enabled) => C:\Users\Delacia
Delacia_2 (S-1-5-21-258222910-2402859807-2480419078-1001 - Limited - Enabled) => C:\Users\Delacia_2
Guest (S-1-5-21-258222910-2402859807-2480419078-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 9.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Bejeweled 2 Deluxe (HKLM\...\WT082192) (Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (HKLM\...\WT082124) (Version: 2.2.0.82 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Chuzzle Deluxe (HKLM\...\WT082200) (Version: 2.2.0.82 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2529 - CyberLink Corp.)
Dashlane (HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Dashlane) (Version: 6.1848.0.15588 - Dashlane, Inc.)
Diner Dash 2 Restaurant Rescue (HKLM\...\WT082396) (Version: 2.2.0.82 - WildTangent) Hidden
Dream Chronicles (HKLM\...\WT083521) (Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (HKLM\...\WT082442) (Version: 2.2.0.82 - WildTangent) Hidden
FATE (HKLM\...\WT082141) (Version: 2.2.0.82 - WildTangent) Hidden
Gem Shop (HKLM\...\WT083529) (Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP HomeBase (HKLM\...\{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}) (Version: 3.2.2.70 - ArcSoft)
HP Quick Launch (HKLM\...\{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}) (Version: 2.0.10 - Hewlett-Packard Company)
HP QuickSync (HKLM\...\{DB23EB2A-5137-4FA0-9A90-AAAABE4AADBA}) (Version: 5.5.609.9414 - Hewlett-Packard)
HP QuickWeb Installer (HKLM\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.16.0 - DeviceVM Inc.)
HP Setup (HKLM\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP Software Framework (HKLM\...\{DA200FDD-DE3D-4958-8465-C4FBC869544B}) (Version: 3.5.20.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0214 (HKLM\...\{6590DC16-A0D3-4397-9A91-C4E8836E40A4}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6272.0 - IDT)
Insaniquarium Deluxe (HKLM\...\WT082222) (Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Jewel Match 2 (HKLM\...\WT083503) (Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest II (HKLM\...\WT083514) (Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire (HKLM\...\WT083510) (Version: 2.2.0.82 - WildTangent) Hidden
JoJo's Fashion Show (HKLM\...\WT083489) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Mahjongg Artifacts (HKLM\...\WT082409) (Version: 2.2.0.82 - WildTangent) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Penguins! (HKLM\...\WT082168) (Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (HKLM\...\WT082170) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM\...\WT082172) (Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) Hidden
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2725 - CyberLink Corp.) Hidden
Slingo Deluxe (HKLM\...\WT082427) (Version: 2.2.0.82 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Times Reader (HKLM\...\{491ADA37-04EE-2ECE-9F86-DDC0106047AC}) (Version: 2.055 - The New York Times Company) Hidden
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Virtual Villagers - The Secret City (HKLM\...\WT082241) (Version: 2.2.0.82 - WildTangent) Hidden
Wedding Dash (HKLM\...\WT082422) (Version: 2.2.0.82 - WildTangent) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (HKLM\...\WT082246) (Version: 2.2.0.82 - WildTangent) Hidden


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-25] (Intel Corporation)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {3715781E-9678-44B2-B8BA-5BEF9D1F4A3D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {3CE27D8E-B79F-45A1-B8CE-7169FFADE6AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-28] (Google Inc.)
Task: {3D8D1F75-11FB-4CE7-B263-571E5D2FC67C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {4C63AF35-DCAF-4091-915D-05EECC71CCD4} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe
Task: {4E1788AC-1804-4429-BF22-8764560B8D6A} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {536F89D6-CB83-464B-BF8C-F4BB500752F4} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {6E5C78D0-276A-45A7-B8F9-082F18D89AAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-28] (Google Inc.)
Task: {70BFC301-777F-4E36-BF8C-9315083D56E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2018-07-03] (Microsoft)
Task: {A00FF426-BAF6-4747-B688-52EC0ACF87D0} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()
Task: {BE9C7F82-2284-48F0-BD2E-8C1FB31F086B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2018-07-03] (Microsoft)
Task: {C1ECBC2E-71E7-4582-8958-CB9E5284A0CA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {C44C4738-3AB0-44F0-A87B-6E30C5086A5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {D0E06C40-C423-49BB-97C0-D6689B032423} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()
Task: {F65743F4-AB5C-4B92-83DE-D5E128F42DCA} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




ShortcutWithArgument: C:\Users\Delacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki


==================== Loaded Modules (Whitelisted) ==============


2010-04-09 15:43 - 2010-04-09 15:43 - 000026168 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2010-04-05 11:12 - 2010-04-05 11:12 - 000267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 11:11 - 2010-04-05 11:11 - 000030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 11:12 - 2010-04-05 11:12 - 000052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 19:04 - 2009-06-10 14:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-258222910-2402859807-2480419078-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


If an entry is included in the fixlist, it will be removed.


MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{0B675D67-9A76-4EAC-97B3-BC8816D1B8B0}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{94B5AA1C-54BC-46B6-B60F-E184C2B9DA17}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C1DE215D-37B3-4B19-9B2A-89F29BDE0C8B}] => (Allow) svchost.exe
FirewallRules: [{8CFFF0F4-4A89-41BE-BF5F-358173EAB123}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C1452932-A375-477C-8CF4-62B897AEEEEA}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Music\HPMusic.exe
FirewallRules: [{E6DCA3AE-6028-44E7-AA1A-BF477F10E6FB}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Music\HPMusic.exe
FirewallRules: [{BE268FFA-E09D-4FF7-88C6-A257A9DC34AB}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Photo\HPPhoto.exe
FirewallRules: [{42BF87DD-F6BF-42A5-8923-AC01594C2EC3}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Photo\HPPhoto.exe
FirewallRules: [{4DA2A831-D202-4934-813D-D7A474D9BEC2}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Video\HPVideo.exe
FirewallRules: [{AD8F6E9B-2D0E-4F51-9AB1-0161172DA8E7}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Video\HPVideo.exe
FirewallRules: [{E85992DC-F8CF-4F84-AE4A-1BDD3FA4FF96}] => (Allow) C:\Windows\System32\javaw.exe
FirewallRules: [{82F3C9B2-89B3-4D06-9177-2D8CABCB685A}] => (Allow) C:\Windows\System32\javaw.exe
FirewallRules: [{7809BF9B-2462-4233-9FD4-B0E1515AE5E0}] => (Allow) LPort=5353
FirewallRules: [{014E1FBE-2688-4865-B11D-8846098F80A8}] => (Allow) LPort=8182
FirewallRules: [{FCD789C6-7A92-4A72-A470-A78EEE16742D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E78147C5-7D47-4B52-BD47-B41712A6EFF8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{7544326B-CDA3-4561-918B-44C47BB60935}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{81C25C2B-4D68-4255-8E86-DCC2EFF204EF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


22-06-2018 17:27:42 Windows Update
23-06-2018 14:39:01 Windows Update
07-07-2018 09:26:55 Windows Update
05-08-2018 09:58:25 Windows Update
24-11-2018 16:34:45 Installed Windows 7 Upgrade Advisor
09-12-2018 09:06:00 Windows Update
09-12-2018 10:58:20 Windows Update
09-12-2018 12:42:11 Windows Update
15-12-2018 08:35:46 Windows Update
16-12-2018 10:06:26 Windows Update
16-12-2018 10:41:17 Windows Update
16-12-2018 13:49:40 Windows Update
16-12-2018 15:01:18 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (08/05/2018 10:47:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "G:\iTunes64Setup.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (06/22/2018 04:51:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Detect_RecoveryDiscReminder_V2.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Detect_RecoveryDiscReminder_V2.Program.Main(System.String[])


Error: (06/17/2018 03:45:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPSF.exe version 4.4.6.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 3a4


Start Time: 01d4068c754cc7cd


Termination Time: 183


Application Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe


Report Id: 1eff7e56-7280-11e8-8d7c-fa4fb34334ca


Error: (01/26/2018 04:54:07 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.


Error: (01/26/2018 04:52:16 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.


Error: (01/25/2018 07:22:47 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Context: Application, SystemIndex Catalog


Error: (01/25/2018 06:58:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Delacia-PC)
Description: Application or service 'MSN® Toolbar' could not be shut down.


Error: (01/25/2018 06:43:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.




System errors:
=============
Error: (12/16/2018 03:08:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Error: (12/16/2018 03:07:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2018-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4471318).


Error: (12/16/2018 01:53:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Error: (12/16/2018 01:51:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 2018-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4471318).


Error: (12/16/2018 01:34:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Error: (12/16/2018 11:22:38 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.


New Signature Version:


Previous Signature Version: 1.283.671.0


Update Source: Microsoft Malware Protection Center


Update Stage: Install


Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094


Signature Type: AntiSpyware


Update Type: Full


User: NT AUTHORITY\NETWORK SERVICE


Current Engine Version:


Previous Engine Version: 1.1.15500.2


Error code: 0x80070652


Error description: Another installation is already in progress. Complete that installation before proceeding with this install.


Error: (12/16/2018 11:22:38 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.


New Signature Version:


Previous Signature Version: 1.283.671.0


Update Source: Microsoft Malware Protection Center


Update Stage: Install


Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094


Signature Type: AntiVirus


Update Type: Full


User: NT AUTHORITY\NETWORK SERVICE


Current Engine Version:


Previous Engine Version: 1.1.15500.2


Error code: 0x80070652


Error description: Another installation is already in progress. Complete that installation before proceeding with this install.


Error: (12/16/2018 11:22:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.


New Signature Version:


Previous Signature Version:


Update Source: User


Update Stage: Install


Source Path:


Signature Type:


Update Type:


User: NT AUTHORITY\NETWORK SERVICE


Current Engine Version:


Previous Engine Version:


Error code: 0x80070652


Error description: Another installation is already in progress. Complete that installation before proceeding with this install.




==================== Memory info ===========================


Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 67%
Total physical RAM: 1012.2 MB
Available physical RAM: 330.07 MB
Total Virtual: 2036.2 MB
Available Virtual: 1083.8 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:218.15 GB) (Free:179.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.44 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32


\\?\Volume{b8495e74-cb24-11e6-bf8a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3F2EB0A1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
Hi, DMHdragons. Welcome to Sysnative.

1. Although unrelated to your Windows Update problem, you have some very outdated and extremely vulnerable Adobe software on your computer that has had numerous critical security updates. Please uninstall the following programs:
  • Acrobat.com
  • Adobe AIR
  • Adobe Flash Player 10 ActiveX
  • Adobe Reader 9.3
  • Adobe Shockwave Player

The latest version of Adobe Acrobat and Reader is available from here.

The latest version of Adobe Air is available from the AIR Download Center.

Installation links for Windows 7 are provided by Adobe at Installation problems | Flash Player | Windows 7 and earlier:

Generally, most people no longer need Adobe Shockwave Player. I suggest you hold off reinstalling it but if you find it is needed, the latest version is available at Adobe - Adobe Shockwave Player.

Note: For all Adobe products, please be sure to UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

2. Most people no longer need Java installed. The most likely scenario is playing on-line games generally requires Java. However, since you have a lot of computer games on your computer, it is likely that it is needed. However, I strongly suggest you consider uninstalling Java(TM) 6 Update 18 and only install the latest version if you are prompted to do so, in which case you can get the latest version from https://www.oracle.com/technetwork/java/javase/downloads/index.html. Again, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

3. Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The log is available from the History tab. Please post its contents in your next reply.
 
Hi Corrine,

Sorry for the delay in my reply. I finally had some time to complete the above steps. I wasn't able to find the Shockwave to uninstall, and due to this computer being bought from a pawn shop the games are from the previous owner. I do not want the games and would like to clean this computer up.

Below is the report. Looks like no threats were detected.


Malwarebytes
Malwarebytes Cybersecurity for Windows, Mac, Android & iOS | Malwarebytes


-Log Details-
Scan Date: 12/26/18
Scan Time: 9:40 AM
Log File: e6b0606a-092c-11e9-95bf-000000000000.json


-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.8507
License: Trial


-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Delacia-PC\Delacia


-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 192644
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 20 min, 0 sec


-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect


-Scan Details-
Process: 0
(No malicious items detected)


Module: 0
(No malicious items detected)


Registry Key: 0
(No malicious items detected)


Registry Value: 0
(No malicious items detected)


Registry Data: 0
(No malicious items detected)


Data Stream: 0
(No malicious items detected)


Folder: 0
(No malicious items detected)


File: 0
(No malicious items detected)


Physical Sector: 0
(No malicious items detected)


WMI: 0
(No malicious items detected)




(end)
 
Hi, DMHdragons.

Adobe Shockwave Player is shown under Installed Programs. Please check again.

There are a LOT of games installed. The best thing for you to do at this point is to uninstall each game you no longer want on your computer. Follow that with also uninstalling Java(TM) 6 Update 18.

After that has been completed, please restart the computer and then post fresh FRST logs according to the instructions below so we can see where things stand.

Please do the following to provide fresh FRST logs:
  • Download a fresh copy of the Farbar Recovery Scan Tool (FRST) and save it to your Desktop. As before, select the version compatible with your system (32- or 64-bit).
  • Right-click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • Please copy/paste both logs in your reply.
 
No, it isn't necessary to uninstall. (Hope you had fun installing all those games. :smile9: )
 
OK, so I have run into a snag. Previously, I didn't have any issues downloading FRST. But now I'm getting a message that tells me "FRST.exe is not commonly downloaded and may be dangerous." What should I do now?
 
That would have either been from Chrome or Microsoft Security Essentials. As long as you are downloading it from the link I provided, FRST is safe to download, which you know having previously downloaded and run it.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28.12.2018 01
Ran by Delacia (administrator) on DELACIA-PC (28-12-2018 12:28:36)
Running from C:\Users\Delacia\Desktop
Loaded Profiles: Delacia (Available Profiles: Delacia & Delacia_2)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe
(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dashlane, Inc.) C:\Users\Delacia\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane, Inc.) C:\Users\Delacia\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


"Path" (%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11\Driver -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11\Driver) <==== Repaired successfully
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-02-26] (IDT, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Run: [Dashlane] => C:\Users\Delacia\AppData\Roaming\Dashlane\Dashlane.exe [391248 2018-11-27] (Dashlane, Inc.)
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Run: [DashlanePlugin] => C:\Users\Delacia\AppData\Roaming\Dashlane\DashlanePlugin.exe [404560 2018-11-27] (Dashlane, Inc.)
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.siren] => C:\Windows\System32\sirenacm.dll [48448 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk [2010-05-12]
ShortcutTarget: HP Media Suite.lnk -> C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe (ArcSoft Inc.)
Startup: C:\Users\Delacia_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-01-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{427451A2-3F51-49B4-B04B-1EC7CE825D6D}: [DhcpNameServer] 192.168.0.1 205.171.3.25


Internet Explorer:
==================
HKU\S-1-5-21-258222910-2402859807-2480419078-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5459096D-9E9C-4109-8D4F-8CA711CB7525} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {780356D3-EEAB-446C-9450-7F453804D1FD} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> DefaultScope {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> {5459096D-9E9C-4109-8D4F-8CA711CB7525} URL =
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> {780356D3-EEAB-446C-9450-7F453804D1FD} URL =
SearchScopes: HKU\S-1-5-21-258222910-2402859807-2480419078-1000 -> {A4834EF8-F973-4612-BABC-CDEDECA41D70} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
BHO: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Delacia\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2018-11-27] (Dashlane, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Delacia\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2018-11-27] (Dashlane, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)


FireFox:
========
FF DefaultProfile: Edit Note Email address removed by Corrine.
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)


Chrome:
=======
CHR Profile: C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default [2018-12-28]
CHR Extension: (Slides) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-28]
CHR Extension: (Docs) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-28]
CHR Extension: (Google Drive) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-28]
CHR Extension: (Translator) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blndkmebkmenignoajhoemebccmmfjib [2018-12-09]
CHR Extension: (YouTube) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-28]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2018-12-09]
CHR Extension: (Sheets) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-28]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2018-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-12-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\Delacia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-28]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-03-31] (DeviceVM, Inc.)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\STacSV.exe [229458 2010-02-26] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2018-12-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2018-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2018-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2018-12-28] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-12-28 12:28 - 2018-12-28 12:28 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-28 12:27 - 2018-12-28 12:27 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-28 12:27 - 2018-12-28 12:27 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-28 12:27 - 2018-12-28 12:27 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-28 12:04 - 2018-12-28 12:04 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-28 12:04 - 2018-12-28 12:04 - 000001977 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-12-28 12:00 - 2018-12-28 12:01 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-12-28 11:49 - 2018-12-28 11:49 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-28 11:49 - 2018-12-28 11:49 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-28 11:47 - 2018-12-28 12:00 - 000000000 ____D C:\Program Files\Adobe
2018-12-28 11:47 - 2018-12-28 11:47 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
2018-12-28 11:32 - 2018-12-28 11:33 - 011536984 _____ (Adobe Systems Inc.) C:\Users\Delacia\Downloads\AdobeAIRInstaller.exe
2018-12-28 11:26 - 2018-12-28 11:28 - 001781248 _____ (Farbar) C:\Users\Delacia\Desktop\FRST.exe
2018-12-26 19:44 - 2018-12-14 16:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-26 19:44 - 2018-12-13 23:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-26 19:44 - 2018-12-13 23:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-26 19:44 - 2018-12-13 23:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-26 19:44 - 2018-12-13 23:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-26 19:44 - 2018-12-13 23:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-26 19:44 - 2018-12-13 23:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-26 19:44 - 2018-12-13 23:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-26 19:44 - 2018-12-13 23:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-26 19:44 - 2018-12-13 23:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-26 19:44 - 2018-12-13 23:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-26 19:44 - 2018-12-13 23:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-26 19:44 - 2018-12-13 23:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-26 19:44 - 2018-12-13 23:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-26 19:44 - 2018-12-13 23:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-26 19:44 - 2018-12-13 23:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-26 19:44 - 2018-12-13 23:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-26 19:44 - 2018-12-13 23:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-26 19:44 - 2018-12-13 23:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-26 19:44 - 2018-12-13 23:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-26 19:44 - 2018-12-13 23:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-26 19:44 - 2018-12-13 23:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-26 19:44 - 2018-12-13 23:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-26 19:44 - 2018-12-13 22:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-26 19:44 - 2018-12-13 22:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-26 19:44 - 2018-12-13 22:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-26 19:43 - 2018-12-13 23:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-26 19:43 - 2018-12-13 23:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-26 19:43 - 2018-12-13 23:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-26 19:43 - 2018-12-13 23:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-26 19:43 - 2018-12-13 23:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-26 19:43 - 2018-12-13 23:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-26 19:43 - 2018-12-13 23:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-26 19:43 - 2018-12-13 23:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-26 19:43 - 2018-12-13 23:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-26 19:43 - 2018-12-13 23:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-26 09:38 - 2018-12-26 09:38 - 000000000 ____D C:\Users\Delacia\AppData\Local\mbamtray
2018-12-26 09:38 - 2018-12-26 09:38 - 000000000 ____D C:\Users\Delacia\AppData\Local\mbam
2018-12-26 09:37 - 2018-12-26 09:37 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-26 09:35 - 2018-12-26 09:35 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-26 09:35 - 2018-12-26 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-26 09:35 - 2018-12-26 09:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-26 09:35 - 2018-12-26 09:35 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-26 09:35 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-26 09:28 - 2018-12-26 09:31 - 081227760 _____ (Malwarebytes ) C:\Users\Delacia\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-26 09:08 - 2018-12-26 09:08 - 007895040 _____ C:\Program Files\GUT8F06.tmp
2018-12-26 09:08 - 2018-12-26 09:08 - 000000000 ____D C:\Program Files\GUM8F05.tmp
2018-12-16 15:17 - 2018-12-16 15:36 - 000027325 _____ C:\Users\Delacia\Desktop\Addition.txt
2018-12-16 15:11 - 2018-12-28 12:32 - 000013876 _____ C:\Users\Delacia\Desktop\FRST.txt
2018-12-16 15:10 - 2018-12-28 12:28 - 000000000 ____D C:\FRST
2018-12-16 13:13 - 2018-12-16 13:13 - 000000000 ____D C:\Users\Delacia\AppData\Local\niemiro
2018-12-16 13:12 - 2018-12-16 13:12 - 002884096 _____ (niemiro) C:\Users\Delacia\Downloads\SFCFix.exe
2018-12-16 12:59 - 2018-12-16 12:59 - 000000000 ____D C:\Users\Delacia\AppData\Local\ElevatedDiagnostics
2018-12-16 12:39 - 2018-12-16 12:39 - 000313366 _____ C:\Users\Delacia\Downloads\WindowsUpdate.diagcab
2018-12-09 15:31 - 2018-12-09 15:31 - 000238892 _____ C:\Users\Delacia\Documents\cc_20181209_153111.reg
2018-12-09 13:26 - 2018-12-09 13:26 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-09 13:26 - 2018-12-09 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-09 13:25 - 2018-12-09 13:26 - 000000000 ____D C:\Program Files\CCleaner
2018-12-09 12:47 - 2018-12-09 13:24 - 018177128 _____ (Piriform Software Ltd) C:\Users\Delacia\Downloads\ccsetup550.exe
2018-12-09 11:03 - 2018-12-09 11:03 - 000000000 ____D C:\Users\Delacia\AppData\LocalLow\Dashlane
2018-12-09 11:02 - 2018-12-09 11:02 - 000001885 _____ C:\Users\Delacia\Desktop\Dashlane.lnk
2018-12-09 11:02 - 2018-12-09 11:02 - 000001699 _____ C:\Users\Delacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk
2018-12-09 11:01 - 2018-12-09 11:01 - 000000000 ____D C:\Program Files\Dashlane
2018-12-09 10:52 - 2018-12-09 11:03 - 000000000 ____D C:\Users\Delacia\AppData\Roaming\Dashlane
2018-12-09 10:52 - 2018-12-09 10:52 - 000000000 ____D C:\Users\Delacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2018-12-09 10:52 - 2018-12-09 10:52 - 000000000 ____D C:\Users\Delacia\AppData\Local\Packages
2018-12-09 10:48 - 2018-12-09 10:50 - 000845680 _____ (Dashlane Inc.) C:\Users\Delacia\Downloads\DashlaneInst.exe
2018-12-09 09:07 - 2018-06-08 06:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-12-09 09:06 - 2018-06-13 10:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-12-09 09:06 - 2018-06-13 08:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-12-09 09:06 - 2018-06-08 06:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-12-28 12:32 - 2009-07-13 21:34 - 000014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-28 12:32 - 2009-07-13 21:34 - 000014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-28 12:26 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-28 12:22 - 2016-12-26 18:26 - 000000000 ____D C:\Users\Delacia\AppData\Local\Adobe
2018-12-28 11:57 - 2010-05-12 21:02 - 000000000 ____D C:\ProgramData\Adobe
2018-12-28 11:49 - 2010-05-12 19:37 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-28 11:47 - 2016-12-26 17:49 - 000000000 ____D C:\Users\Delacia\AppData\Roaming\Adobe
2018-12-28 11:08 - 2009-09-06 16:02 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-28 11:08 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
2018-12-27 10:07 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-12-26 19:54 - 2018-01-28 08:46 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-26 19:54 - 2018-01-28 08:46 - 000002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-26 10:39 - 2010-05-12 19:43 - 000000000 ____D C:\ProgramData\WildTangent
2018-12-26 10:39 - 2010-05-12 19:43 - 000000000 ____D C:\Program Files\HP Games
2018-12-26 10:39 - 2009-07-13 21:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-12-26 09:15 - 2009-07-13 19:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-15 09:00 - 2016-12-25 21:56 - 000000000 ____D C:\Windows\system32\MRT
2018-12-15 08:50 - 2016-12-25 21:56 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-15 07:58 - 2016-12-25 21:49 - 000083208 _____ C:\Users\Delacia\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-15 07:57 - 2009-07-13 21:33 - 000334832 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-10 15:04 - 2016-12-25 21:55 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-09 14:43 - 2009-09-06 16:51 - 000000000 ____D C:\Windows\Panther
2018-12-09 12:18 - 2017-07-23 11:34 - 000000000 ____D C:\Windows\system32\appraiser


==================== Files in the root of some directories =======


2018-12-26 09:08 - 2018-12-26 09:08 - 007895040 _____ () C:\Program Files\GUT8F06.tmp


Some files in TEMP:
====================
2016-12-26 09:34 - 2016-12-26 09:34 - 000077824 _____ (Eclipse Foundation) C:\Users\Delacia_2\AppData\Local\Temp\swt-gdip-win32-3448.dll
2016-12-26 09:34 - 2016-12-26 09:34 - 000335872 _____ (Eclipse Foundation) C:\Users\Delacia_2\AppData\Local\Temp\swt-win32-3448.dll
2016-12-26 09:34 - 2018-01-27 08:23 - 000198144 _____ () C:\Users\Delacia_2\AppData\Local\Temp\WindowsAPI.dll


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-12-16 14:54
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
Ran by Delacia (28-12-2018 12:35:51)
Running from C:\Users\Delacia\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2016-12-26 04:42:53)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-258222910-2402859807-2480419078-500 - Administrator - Disabled)
Delacia (S-1-5-21-258222910-2402859807-2480419078-1000 - Administrator - Enabled) => C:\Users\Delacia
Delacia_2 (S-1-5-21-258222910-2402859807-2480419078-1001 - Limited - Enabled) => C:\Users\Delacia_2
Guest (S-1-5-21-258222910-2402859807-2480419078-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2529 - CyberLink Corp.)
Dashlane (HKU\S-1-5-21-258222910-2402859807-2480419078-1000\...\Dashlane) (Version: 6.1848.0.15588 - Dashlane, Inc.)
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP HomeBase (HKLM\...\{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}) (Version: 3.2.2.70 - ArcSoft)
HP Quick Launch (HKLM\...\{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}) (Version: 2.0.10 - Hewlett-Packard Company)
HP QuickSync (HKLM\...\{DB23EB2A-5137-4FA0-9A90-AAAABE4AADBA}) (Version: 5.5.609.9414 - Hewlett-Packard)
HP QuickWeb Installer (HKLM\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.16.0 - DeviceVM Inc.)
HP Setup (HKLM\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP Software Framework (HKLM\...\{DA200FDD-DE3D-4958-8465-C4FBC869544B}) (Version: 3.5.20.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0214 (HKLM\...\{6590DC16-A0D3-4397-9A91-C4E8836E40A4}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6272.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Junk Mail filter update (HKLM\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) Hidden
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2725 - CyberLink Corp.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {12BADCD4-335C-41E3-96D9-C1084AF2255A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-28] (Adobe Systems Incorporated)
Task: {269D8EFF-A5F4-4441-9C45-7DA760850C15} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {3715781E-9678-44B2-B8BA-5BEF9D1F4A3D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {3CE27D8E-B79F-45A1-B8CE-7169FFADE6AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-28] (Google Inc.)
Task: {3D8D1F75-11FB-4CE7-B263-571E5D2FC67C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {4C63AF35-DCAF-4091-915D-05EECC71CCD4} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe
Task: {4E1788AC-1804-4429-BF22-8764560B8D6A} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {536F89D6-CB83-464B-BF8C-F4BB500752F4} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {6E5C78D0-276A-45A7-B8F9-082F18D89AAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-28] (Google Inc.)
Task: {70BFC301-777F-4E36-BF8C-9315083D56E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2018-07-03] (Microsoft)
Task: {A00FF426-BAF6-4747-B688-52EC0ACF87D0} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()
Task: {BE9C7F82-2284-48F0-BD2E-8C1FB31F086B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2018-07-03] (Microsoft)
Task: {C44C4738-3AB0-44F0-A87B-6E30C5086A5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {D0E06C40-C423-49BB-97C0-D6689B032423} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()
Task: {D418D470-4234-4DE5-971E-3BDB7FAFED38} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {DBDA3578-AA1D-437B-A8D5-FD98937FC070} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E2806FFC-E01E-4A23-8341-EC65CA2EF091} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-28] (Adobe Systems Incorporated)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




ShortcutWithArgument: C:\Users\Delacia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki


==================== Loaded Modules (Whitelisted) ==============


2010-04-09 15:43 - 2010-04-09 15:43 - 000026168 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2018-12-26 09:35 - 2018-11-21 11:07 - 002327640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-12-26 09:35 - 2018-11-15 11:01 - 002234688 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 19:04 - 2009-06-10 14:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-258222910-2402859807-2480419078-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


If an entry is included in the fixlist, it will be removed.


MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{0B675D67-9A76-4EAC-97B3-BC8816D1B8B0}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
FirewallRules: [{94B5AA1C-54BC-46B6-B60F-E184C2B9DA17}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
FirewallRules: [{C1DE215D-37B3-4B19-9B2A-89F29BDE0C8B}] => (Allow) svchost.exe (Microsoft Corporation)
FirewallRules: [{8CFFF0F4-4A89-41BE-BF5F-358173EAB123}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation)
FirewallRules: [{C1452932-A375-477C-8CF4-62B897AEEEEA}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Music\HPMusic.exe (ArcSoft Inc.)
FirewallRules: [{E6DCA3AE-6028-44E7-AA1A-BF477F10E6FB}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Music\HPMusic.exe (ArcSoft Inc.)
FirewallRules: [{BE268FFA-E09D-4FF7-88C6-A257A9DC34AB}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Photo\HPPhoto.exe (ArcSoft Inc.)
FirewallRules: [{42BF87DD-F6BF-42A5-8923-AC01594C2EC3}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Photo\HPPhoto.exe (ArcSoft Inc.)
FirewallRules: [{4DA2A831-D202-4934-813D-D7A474D9BEC2}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Video\HPVideo.exe (ArcSoft Inc.)
FirewallRules: [{AD8F6E9B-2D0E-4F51-9AB1-0161172DA8E7}] => (Allow) C:\PROGRA~1\HEWLET~1\HPMEDI~1\Video\HPVideo.exe (ArcSoft Inc.)
FirewallRules: [{E85992DC-F8CF-4F84-AE4A-1BDD3FA4FF96}] => (Allow) C:\Windows\System32\javaw.exe No File
FirewallRules: [{82F3C9B2-89B3-4D06-9177-2D8CABCB685A}] => (Allow) C:\Windows\System32\javaw.exe No File
FirewallRules: [{7809BF9B-2462-4233-9FD4-B0E1515AE5E0}] => (Allow) LPort=5353
FirewallRules: [{014E1FBE-2688-4865-B11D-8846098F80A8}] => (Allow) LPort=8182
FirewallRules: [{FCD789C6-7A92-4A72-A470-A78EEE16742D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{E78147C5-7D47-4B52-BD47-B41712A6EFF8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7544326B-CDA3-4561-918B-44C47BB60935}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3D6652D9-CBA7-434A-BD57-579F1FDD3F5E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)


==================== Restore Points =========================


15-12-2018 08:35:46 Windows Update
16-12-2018 10:06:26 Windows Update
16-12-2018 10:41:17 Windows Update
16-12-2018 13:49:40 Windows Update
16-12-2018 15:01:18 Windows Update
16-12-2018 16:12:35 Windows Update
16-12-2018 18:43:34 Windows Update
26-12-2018 08:57:18 Removed Acrobat.com
26-12-2018 09:00:35 Removed Adobe Reader 9.3 MUI.
26-12-2018 09:04:34 Removed Times Reader
26-12-2018 09:07:03 Removed Microsoft Office Suite Activation Assistant.
26-12-2018 09:08:48 Removed Java(TM) 6 Update 18
26-12-2018 09:10:58 Windows Update
26-12-2018 09:10:59 Removed Compatibility Pack for the 2007 Office system
26-12-2018 09:14:56 Removed Microsoft Office PowerPoint Viewer 2007 (English)
27-12-2018 09:48:58 Windows Update
28-12-2018 10:52:13 Windows Update
28-12-2018 12:03:08 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (12/28/2018 10:45:15 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner (5296) An attempt to open the file "C:\Users\Delacia\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


Error: (08/05/2018 10:47:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "G:\iTunes64Setup.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (06/22/2018 04:51:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Detect_RecoveryDiscReminder_V2.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Detect_RecoveryDiscReminder_V2.Program.Main(System.String[])


Error: (06/17/2018 03:45:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPSF.exe version 4.4.6.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 3a4


Start Time: 01d4068c754cc7cd


Termination Time: 183


Application Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe


Report Id: 1eff7e56-7280-11e8-8d7c-fa4fb34334ca


Error: (01/26/2018 04:54:07 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.


Error: (01/26/2018 04:52:16 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.


Error: (01/25/2018 07:22:47 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Context: Application, SystemIndex Catalog


Error: (01/25/2018 06:58:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Delacia-PC)
Description: Application or service 'MSN® Toolbar' could not be shut down.




System errors:
=============
Error: (12/28/2018 12:26:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Error: (12/28/2018 12:21:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.


Error: (12/28/2018 11:07:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


Error: (12/28/2018 11:04:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Wireless Assistant Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (12/28/2018 11:04:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.


Error: (12/28/2018 11:03:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (12/28/2018 11:03:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.


Error: (12/28/2018 11:03:09 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.




==================== Memory info ===========================


Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 90%
Total physical RAM: 1012.2 MB
Available physical RAM: 96.97 MB
Total Virtual: 2036.2 MB
Available Virtual: 1015.65 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:218.15 GB) (Free:182.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.44 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32


\\?\Volume{b8495e74-cb24-11e6-bf8a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3F2EB0A1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
That is a lot of games gone -- almost 3 GB!

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
2018-12-26 09:08 - 2018-12-26 09:08 - 007895040 _____ C:\Program Files\GUT8F06.tmp
2018-12-26 09:08 - 2018-12-26 09:08 - 000000000 ____D C:\Program Files\GUM8F05.tmp
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
FirewallRules: [{E85992DC-F8CF-4F84-AE4A-1BDD3FA4FF96}] => (Allow) C:\Windows\System32\javaw.exe No File
FirewallRules: [{82F3C9B2-89B3-4D06-9177-2D8CABCB685A}] => (Allow) C:\Windows\System32\javaw.exe No File
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
Ran by Delacia (28-12-2018 16:50:38) Run:1
Running from C:\Users\Delacia\Desktop
Loaded Profiles: Delacia (Available Profiles: Delacia & Delacia_2)
Boot Mode: Normal


==============================================


fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
2018-12-26 09:08 - 2018-12-26 09:08 - 007895040 _____ C:\Program Files\GUT8F06.tmp
2018-12-26 09:08 - 2018-12-26 09:08 - 000000000 ____D C:\Program Files\GUM8F05.tmp
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
FirewallRules: [{E85992DC-F8CF-4F84-AE4A-1BDD3FA4FF96}] => (Allow) C:\Windows\System32\javaw.exe No File
FirewallRules: [{82F3C9B2-89B3-4D06-9177-2D8CABCB685A}] => (Allow) C:\Windows\System32\javaw.exe No File
EmptyTemp:


*****************


Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => removed successfully.
HKLM\Software\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => not found
C:\Program Files\GUT8F06.tmp => moved successfully
C:\Program Files\GUM8F05.tmp => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E85992DC-F8CF-4F84-AE4A-1BDD3FA4FF96}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82F3C9B2-89B3-4D06-9177-2D8CABCB685A}" => removed successfully.


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4414051 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 703076 B
Edge => 0 B
Chrome => 49179207 B
Firefox => 0 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 29550862 B
Public => 0 B
ProgramData => 0 B
systemprofile => 31213468 B
LocalService => 66228 B
NetworkService => 38898006 B
Delacia => 4998819 B
Delacia_2 => 578221116 B


RecycleBin => 0 B
EmptyTemp: => 711.1 MB temporary data Removed.


================================




The system needed a reboot.

I did reboot
 
If everything else is working as expected, you can go ahead and delete the FRST files on your desktop.

Good luck, DMHdragons and Happy New Year!
 
