Everything posted by brownhornet

  1. drive it like you stole it CB...
  2. joined back in 03 and am glad to have met him...he always had the best of the best hardware which made us all strive to better our rigs...be it overclocking or not he taught us all so much...sorry to see him go...RIP brother...
  3. was there anything left behind by the phone scam guy...just curious..
  4. hi, forgot to tell ya that i will have the laptop back after thanksgiving..the customer's kids want to use it over the school break...happy thanksgiving....
  5. 192.168.2.1 for belkin..a lot depends on the speed plan you have as well...would also try resetting router and changing channel and see if there is a firmware update. slow speed could also be on comcast's end. would also try unscrewing the coaxial cable and screwing back in..
  6. ran adw first and it cleaned some stuff...JRT came up with nothing..MB cleaned some PUP items as well..

     # AdwCleaner v6.030 - Logfile created 19/11/2016 at 17:12:06
     # Updated on 19/10/2016 by Malwarebytes
     # Database : 2016-11-19.2 [server]
     # Operating System : Windows 7 Ultimate Service Pack 1 (X64)
     # Username : Home - HOME-PC
     # Running from : C:\Users\Home\Downloads\adwcleaner_6.030.exe
     # Mode: Clean
     # Support : hxxps://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****
     [-] Folder deleted: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk

     ***** [ Files ] *****
     [-] File deleted: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
     [-] File deleted: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****

     ***** [ Web browsers ] *****
     [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com
     [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com
     [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk

     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [1558 Bytes] - [19/11/2016 17:12:06]
     C:\AdwCleaner\AdwCleaner[s1].txt - [758 Bytes] - [06/04/2016 15:25:15]
     C:\AdwCleaner\AdwCleaner[s2].txt - [1900 Bytes] - [19/11/2016 17:11:35]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1776 Bytes] ##########
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01 Ran by Home (19-11-2016 17:19:50) Running from C:\Users\Home\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2016-04-05 05:25:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2123777662-1516311981-2037243955-500 - Administrator - Disabled) Guest (S-1-5-21-2123777662-1516311981-2037243955-501 - Limited - Disabled) Home (S-1-5-21-2123777662-1516311981-2037243955-1000 - Administrator - Enabled) => C:\Users\Home ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd) Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.2.1.0 - Auslogics Labs Pty Ltd) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.15 - Intel) Hidden Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden Intel® Driver Update Utility (HKLM-x32\...\{1b09c4de-9cae-4122-b17c-65d395062b50}) (Version: 2.4.0.15 - Intel) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.) ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com) TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0C036412-C64E-4501-8457-B34A14635A48} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software) Task: {11E17271-0431-448C-B226-B65BC2847529} - System32\Tasks\AVAST Software\Avast settings backup Task: {1CD36313-6BB8-47B0-B392-C44C10DF2C9B} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {215DF1EB-4291-4CDA-A1DF-ABE7C32D39EE} - System32\Tasks\{D088B91B-A5CE-437C-8B1C-275E19432227} => pcalua.exe -a C:\Users\Home\Downloads\sp53707.exe -d C:\Users\Home\Downloads Task: {6A1F60DF-D897-4BC7-8849-AC38A7B77E62} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs" Task: {7285E965-9E3A-4BA2-B71E-FFB02102B93F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.) Task: {9E3EB503-E0C3-436E-A28C-F42204173FBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.) Task: {D72D5994-6E9B-4E09-9C34-DE96D8BBF1B8} - System32\Tasks\SafeZone scheduled Autoupdate 1459970579 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-03-09 19:43 - 2016-03-09 19:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe 2016-03-09 19:43 - 2016-03-09 19:43 - 00256152 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll 2016-08-30 17:07 - 2016-08-30 17:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-11-19 12:21 - 2016-11-19 12:21 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111900\algo.dll 2016-08-30 17:07 - 2016-08-30 17:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-08-30 17:07 - 2016-08-30 17:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{18A774E9-AC41-422F-8FC5-5B5A3DB8316B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{92C65A56-1053-4A93-8B92-63ED44831B16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EB5900B1-2124-4EF8-AD44-F440A2968BA9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 24-10-2016 20:57:44 Scheduled Checkpoint 01-11-2016 14:56:21 Scheduled Checkpoint 09-11-2016 12:22:30 Scheduled Checkpoint 16-11-2016 19:08:25 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/18/2016 03:52:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.269.1.29620, time stamp: 0x582e39f8 Faulting module name: RobloxPlayerBeta.exe, version: 0.269.1.29620, time stamp: 0x582e39f8 Exception code: 0xc0000005 Fault offset: 0x0070f561 Faulting process id: 0xe58 Faulting application start time: 0x01d241f676807570 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-c2285b6f3d724119\RobloxPlayerBeta.exe Faulting module path: C:\Program Files (x86)\Roblox\Versions\version-c2285b6f3d724119\RobloxPlayerBeta.exe Report Id: 1f06c4ef-adea-11e6-a5ec-2c27d720bee2 Error: (11/07/2016 08:21:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.267.0.27338, time stamp: 0x581b8870 Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc0000005 Fault offset: 0x0003485a Faulting process id: 0x99c Faulting application start time: 0x01d239744feb45c3 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-e2543a4115cb41d6\RobloxPlayerBeta.exe Faulting module path: 
C:\Windows\SysWOW64\ntdll.dll Report Id: c27ff8cc-a56a-11e6-a29a-2c27d720bee2 Error: (09/23/2016 02:50:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.261.0.21595, time stamp: 0x57e30e6d Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc000041d Fault offset: 0x00022372 Faulting process id: 0xc70 Faulting application start time: 0x01d215eb77264d0e Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-a1718013fcc842b1\RobloxPlayerBeta.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 158bf851-81e0-11e6-9295-2c27d720bee2 Error: (09/11/2016 05:03:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program RobloxPlayerBeta.exe version 0.259.0.19981 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: ee0 Start Time: 01d20c88ec541176 Termination Time: 6 Application Path: C:\Program Files (x86)\Roblox\Versions\version-256edf8e82cb478d\RobloxPlayerBeta.exe Report Id: a3e123ba-7884-11e6-8e3c-2c27d720bee2 Error: (09/07/2016 04:34:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.258.0.19508, time stamp: 0x57c870f9 Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc0000005 Fault offset: 0x0002e5a3 Faulting process id: 0xc34 Faulting application start time: 0x01d20968c64f70b0 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-2a3769b753884f05\RobloxPlayerBeta.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0836de94-755c-11e6-9e34-2c27d720bee2 Error: (07/24/2016 09:22:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.253.0.14948, time stamp: 0x579001ba Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc000041d Fault offset: 0x00022372 Faulting process id: 0x4b8 Faulting application start time: 0x01d1e63307de4d6f Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-aee78a51139946c2\RobloxPlayerBeta.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: c00c62b7-5227-11e6-9241-2c27d720bee2 Error: (07/15/2016 08:39:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.252.0.14159, time stamp: 0x5786bfc0 Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc0000005 Fault offset: 0x00033306 Faulting process id: 0x674 Faulting application start time: 0x01d1df1c04da2747 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-23a05f622b7b47a6\RobloxPlayerBeta.exe Faulting module path: 
C:\Windows\SysWOW64\ntdll.dll Report Id: 464e5f4c-4b0f-11e6-923f-2c27d720bee2 Error: (06/20/2016 07:44:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.248.0.11430, time stamp: 0x5761cc7e Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc0000005 Fault offset: 0x0002e546 Faulting process id: 0xa58 Faulting application start time: 0x01d1cb6f1c935224 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-6675f84c75f246df\RobloxPlayerBeta.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 68284f0f-3762-11e6-a1b3-2c27d720bee2 Error: (05/25/2016 03:24:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.244.0.9061, time stamp: 0x573bc807 Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc000041d Fault offset: 0x00022372 Faulting process id: 0xd4c Faulting application start time: 0x01d1b6dc924dbf29 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-3df8ddf7c03c4c87\RobloxPlayerBeta.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: da6f8165-22cf-11e6-a1fb-2c27d720bee2 Error: (05/25/2016 03:24:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.244.0.9061, time stamp: 0x573bc807 Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f Exception code: 0xc000041d Fault offset: 0x00022372 Faulting process id: 0xac8 Faulting application start time: 0x01d1b6dc8217baa5 Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-3df8ddf7c03c4c87\RobloxPlayerBeta.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: c9a13246-22cf-11e6-a1fb-2c27d720bee2 System errors: ============= Error: (11/19/2016 05:12:59 PM) (Source: 
Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE service terminated unexpectedly. It has done this 1 time(s). Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (11/19/2016 05:02:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 Error: (11/03/2016 04:19:31 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:17:07 PM on ‎11/‎3/‎2016 was unexpected. 
Error: (10/24/2016 03:12:11 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. Error: (10/11/2016 12:57:18 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 1:56:27 PM on ‎10/‎11/‎2016 was unexpected. ==================== Memory info =========================== Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz Percentage of memory in use: 43% Total physical RAM: 3037.24 MB Available physical RAM: 1727.54 MB Total Virtual: 6072.69 MB Available Virtual: 4743.09 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:892.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1AEEC0E2) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. a customer's wife was greeted with a pop up saying the computer was infected and told to call the # on the screen..she did (oh no)..they connected to it remotely but the husband told her to hang up when they said it would cost $150 to clean it..he says the computer is slow to start but otherwise ok..here is a scan
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2016 01 Ran by Home (administrator) on HOME-PC (19-11-2016 17:19:19) Running from C:\Users\Home\Downloads Loaded Profiles: Home (Available Profiles: Home) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-04] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2001734C-F1DA-479A-84FC-96E968B9D23F}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{87F4DB05-5AF7-414D-937F-C05A897E9E8B}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U206&ocid=U206DHP&osmkt=en-us HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) FireFox: ======== FF DefaultProfile: 3tazpmnh.default FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default [2016-11-19] FF Homepage: Mozilla\Firefox\Profiles\3tazpmnh.default -> hxxp://www.msn.com/?pc=U206&ocid=U206DHP&osmkt=en-us hxxps://www.yahoo.com/ FF Extension: (Firefox Hotfix) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-08] FF Extension: (Adblock Plus) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-26] FF Extension: (Navigational Sounds) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\Extensions\{d84a846d-f7cb-4187-a408-b171020e8940}.xpi [2016-10-26] FF Extension: (Youtube Unblocker Remediation) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\features\{f01b3a14-d157-44aa-8d59-cdcbf35828f7}\malware-remediation@mozilla.org.xpi [2016-10-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Plugin: @adobe.com/FlashPlayer -> 
  9. she is a realtor agent so once a day should be fine..having the laptop for the past 2 days i can say that i see a big difference...thanks again
  10. so it looks all clear now...i set carbonite to back up once a day instead of all the time...
  11. seems to be ok, kinda slow opening a browser. and the CPU usage keeps going from 70%-100% and all i can see using any resource is carbonite and cortana and anti malware service...so how bad was it..
  12. Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016 Ran by hauvegas (11-11-2016 13:01:16) Run:3
  13. Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016 Ran by hauvegas (11-11-2016 05:29:18) Run:2
  14. i did a search again and found a folder and some shortcuts and removed them...BUT i see its in the registry.
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\RegisteredApplications] "Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="Software\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.webp\OpenWithProgids] "ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xht\OpenWithProgids] "ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids] "ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] @="Chromium HTML Document" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] "AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "ApplicationName"="Chromium" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "ApplicationCompany"="Chromium" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon] @="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0" 
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command] @=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" -- "%1"" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\.webp\OpenWithProgids] "ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\.xht\OpenWithProgids] "ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\.xhtml\OpenWithProgids] "ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] @="Chromium HTML Document" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] "AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "ApplicationName"="Chromium" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] "ApplicationCompany"="Chromium" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon] @="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command] 
@=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" -- "%1"" -= EOF =-
  15. i'm worried now.. i removed it last night but it still would load on start up. then i found a shortcut. removed it then rebooted, didn't pop up as soon as it did before but it started up as before. what is it and should i be very worried? would this chromium thing have anything to do with 100% disk usage?
  16. the pic i posted pops up as soon as i get to the desktop, like i said clicking on any link does nothing. not sure if it is something bad but she said it wasn't there before. have to close that then open a new browser to get on the net. that pop up from pic at the bottom says "facebook chromium" and she doesn't know what it is...
  17. Emsisoft Emergency Kit - Version 11.9
      Last update: 11/10/2016 5:20:25 AM
      User account: DESKTOP-R38V4I4\hauvegas
      Computer name: DESKTOP-R38V4I4
      OS version: Windows 10x64

      Scan settings:
      Scan type: Malware Scan
      Objects: Rootkits, Memory, Traces, Files
      Detect PUPs: On
      Scan archives: Off
      ADS Scan: On
      File extension filter: Off
      Advanced caching: On
      Direct disk access: Off

      Scan start: 11/10/2016 5:22:47 AM
      Scanned 82842
      Found 0
      Scan end: 11/10/2016 5:30:15 AM
      Scan time: 0:07:28
  18. Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016 Ran by hauvegas (10-11-2016 04:58:14) Run:1 Running from C:\Users\hauve\Downloads Loaded Profiles: hauvegas (Available Profiles: hauvegas & Home & GRETCHEN & hauve_000 & ghau & GRETHEN) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: HKLM-x32\...\Run: [] => [X] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicy: Restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-3302668231-1340561324-16488363-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\Users\hauve\AppData\Local\Temp\libeay32.dll C:\Users\hauve\AppData\Local\Temp\msvcr120.dll C:\Users\hauve\AppData\Local\Temp\sqlite3.dll ShortcutWithArgument: C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square CMD: ipconfig /flushdns CMD: netsh winsock reset all CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: Hosts: End ***************** Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully HKU\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully C:\Users\hauve\AppData\Local\Temp\libeay32.dll => moved successfully C:\Users\hauve\AppData\Local\Temp\msvcr120.dll => moved successfully C:\Users\hauve\AppData\Local\Temp\sqlite3.dll => moved successfully C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Resetting Global, OK! Resetting Interface, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Resetting Interface, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. 
=========== EmptyTemp: ========== BITS transfer queue => 5514068 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82990993 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 2962510 B Edge => 113110139 B Chrome => 87726359 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 135124 B NetworkService => 6190 B hauve => 854950723 B Home.DESKTOP-R38V4I4 => 0 B GRETCHEN.DESKTOP-R38V4I4 => 0 B hauve_000.DESKTOP-R38V4I4 => 0 B ghau.DESKTOP-R38V4I4 => 0 B GRETHEN.DESKTOP-R38V4I4 => 0 B RecycleBin => 0 B EmptyTemp: => 1.1 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 05:01:05 ====
  19. when i boot up and log in on the laptop this (see pic) comes up. clicking on anything does nothing..
  20. not sure if this is needed but i ran it anyways: Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ThreatTrack Security VIPRE Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Auslogics Registry Cleaner Google Chrome (53.0.2785.143) Google Chrome (54.0.2840.71) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` MediaMall MediaMallServer.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  21. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016 Ran by hauvegas (10-11-2016 00:44:13) Running from C:\Users\hauve\Downloads Windows 10 Home Version 1607 (X64) (2016-09-21 02:57:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3302668231-1340561324-16488363-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3302668231-1340561324-16488363-503 - Limited - Disabled) ghau (S-1-5-21-3302668231-1340561324-16488363-1011 - Limited - Enabled) => C:\Users\ghau.DESKTOP-R38V4I4 GRETCHEN (S-1-5-21-3302668231-1340561324-16488363-1007 - Limited - Enabled) => C:\Users\GRETCHEN.DESKTOP-R38V4I4 GRETHEN (S-1-5-21-3302668231-1340561324-16488363-1013 - Limited - Enabled) => C:\Users\GRETHEN.DESKTOP-R38V4I4 Guest (S-1-5-21-3302668231-1340561324-16488363-501 - Limited - Disabled) hauvegas (S-1-5-21-3302668231-1340561324-16488363-1001 - Administrator - Enabled) => C:\Users\hauve hauve_000 (S-1-5-21-3302668231-1340561324-16488363-1009 - Limited - Enabled) => C:\Users\hauve_000.DESKTOP-R38V4I4 Home (S-1-5-21-3302668231-1340561324-16488363-1005 - Limited - Enabled) => C:\Users\Home.DESKTOP-R38V4I4 HomeGroupUser$ (S-1-5-21-3302668231-1340561324-16488363-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7} FW: ThreatTrack Security VIPRE (Enabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 6.1.0.0 - Auslogics Labs Pty Ltd) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite) Chromium (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Chromium) (Version: 51.0.2683.0 - Chromium) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix) Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.) Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden DocBox Printer by Instanet Solutions (HKLM-x32\...\DocBox Printer by Instanet Solutions) (Version: - Instanet Solutions) Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) 
Hidden Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline) Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company) HP Documentation (HKLM\...\HP_Documentation) (Version: - HP) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard) HP Photo Creations (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\HP Photo Creations) (Version: 1.0.0.21292 - HP) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.37 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.) IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation) Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation) iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.) 
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company) Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company) Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company) NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company) Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden PlayOn (HKLM-x32\...\{2f99dc4c-1233-46da-9e2a-b9150230601f}) (Version: 4.2.30.16062 - MediaMall Technologies, Inc.) PlayOn (x32 Version: 4.2.30 - MediaMall Technologies, Inc.) 
Hidden PlayOn Dependencies (x32 Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.91 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.) Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company) Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated) TrackOFF - Privacy Software (HKLM-x32\...\TrackOFF) (Version: 3.2.0.0 - Praetorian Technologies, LLC) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 10.0.1.17 - ThreatTrack Security Inc.) VIPRE Internet Security (x32 Version: 10.0.1.17 - ThreatTrack Security, Inc.) 
Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden Windows Driver Package - Intel Corporation (iagpioe) System (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation) Windows Driver Package - Intel Corporation (iai2ce) System (05/21/2015 604.10120.2654.367) (HKLM\...\B37036F6A0766DAC3E418F6CAE67005C5F3A8C40) (Version: 05/21/2015 604.10120.2654.367 - Intel Corporation) Windows Driver Package - Intel Corporation (iauarte) System (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\4911\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {029F7117-1A4B-4B11-8301-CC33C8DD9CD6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-31] (Adobe Systems Incorporated) Task: {074E8C94-7BF8-4D16-8E2B-0F7C1C0B2893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {1E303AA0-E427-4090-B5A2-D181B5FC28E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {1F914AFE-B5F4-44CD-A105-D187BAFBA3E8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-31] (Adobe Systems Incorporated) Task: {26FF72EE-6714-4826-B298-FAC048CFF577} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {3553A306-F3D0-4B53-9889-8B9F8D7780ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.) 
Task: {384AB60A-9D91-4063-8C75-0C34236CE463} - System32\Tasks\HPCeeScheduleForhauvegas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {3DC0B2FA-9C25-4D8C-8321-AB9E9E82CDE0} - System32\Tasks\HP AR Program Upload - 2d2d0c01e581402db7185173d195e5101afceb10265f46438fc3ef3271eb0619 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {5561CAF2-B898-4744-B58F-3C7404FDFFB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {5A103220-B9CC-4A75-8CAE-8FD096A3D2C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {5B46BD1C-78A1-4DD5-9A5F-561EF48F861B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.) Task: {68DE9836-04A8-45FC-8141-23D43B4B69C9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.) Task: {705F34E1-57CE-44DC-B61B-496E29B80A92} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-12] (Dropbox, Inc.) Task: {74AB8666-AA3B-4195-BA67-B61F47ADF9ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.) Task: {7B17B65A-28FC-4D86-9EC5-210919EE53F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN46LC31SP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.) 
Task: {8C076803-D3B5-4303-BB69-0FD35D4F5322} - System32\Tasks\HP AR Program Upload - 3c2fccd32df24b139012254321a2bf6716884c90cc9047bb865af92b92245ec0 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {9470D1B1-40DC-465B-B244-88C7085C1FCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2BQCXHB9 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.) Task: {99CF1A14-2720-4804-9EA1-4BC763918838} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {9BE38C8C-94C4-4532-A8F7-04EDEA0AA35F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {9F1F99DA-F754-4F22-80E3-A5F0F99C0ADB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-12] (Dropbox, Inc.) 
Task: {A1002296-0D54-4ABF-87F4-7A07222F51C6} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe Task: {A951A7B4-FB49-46DD-A6F3-309AC7315436} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation) Task: {AE58FB1C-5A49-4B18-B67D-03BAB209B9E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {CE63ED5D-38BE-46AE-983F-9045BF66EE29} - System32\Tasks\G2MUploadTask-S-1-5-21-3302668231-1340561324-16488363-1001 => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.) Task: {DDB0ADD8-9230-44FC-A797-441361AE435B} - System32\Tasks\G2MUpdateTask-S-1-5-21-3302668231-1340561324-16488363-1001 => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.) Task: {E0D74F3D-150D-4EC9-B3E6-061AC03E77CC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\hauve\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-27] () Task: {E3230770-38A6-4472-BFF8-EDE098E9B146} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.) Task: {F1024C29-38EA-441F-A898-B24CD1278812} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] () Task: {F96E5680-435F-4DEB-B2A6-D6F680C132E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.) 
Task: {FE460C5D-3636-4209-857D-C00D80602E46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3302668231-1340561324-16488363-1001.job => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3302668231-1340561324-16488363-1001.job => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\hauve\AppData\Roaming\HP Photo Creations\Communicator.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForhauvegas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\-3785585100.lnk -> hxxp://www.hsn.com/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\-5507004110.lnk -> hxxp://lasvegasrealtor.biz/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\1497020950.lnk -> hxxp://www.yahoo.com/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\15040480010.lnk -> hxxp://t.acer13.us.msn.com/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-3785585100.lnk -> hxxp://www.hsn.com/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-5507004110.lnk -> hxxp://lasvegasrealtor.biz/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\1497020950.lnk -> hxxp://www.yahoo.com/ Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\15040480010.lnk -> hxxp://t.acer13.us.msn.com/ ShortcutWithArgument: C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-06 06:43 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-17 17:11 - 2014-05-20 11:01 - 00054784 _____ () C:\WINDOWS\System32\sdtnpm.dll 2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program 
Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-01-13 17:38 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-10-06 06:43 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-20 19:28 - 2016-09-20 19:28 - 01864384 _____ () C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-09-20 18:39 - 2016-09-20 18:39 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-09 19:17 - 2016-11-02 02:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 19:16 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 19:16 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 19:16 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 19:16 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-09 19:16 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 19:16 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-11-09 17:12 - 2016-11-09 17:13 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-11-09 17:12 - 2016-11-09 17:13 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-11-09 17:12 - 2016-11-09 17:13 - 41608704 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-10-26 14:45 - 2016-10-20 00:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll 2016-10-26 14:45 - 2016-10-20 00:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll 2016-06-17 21:31 - 2016-06-17 21:31 - 53138944 _____ () C:\Program Files (x86)\Common Files\ffdshowEx\libcef.DLL 2016-04-27 20:03 - 2016-04-27 20:03 - 00851128 _____ () c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\Silverlight.ConfigurationUI.dll 2016-04-21 09:45 - 2016-04-21 09:45 - 00244752 _____ () C:\Program Files (x86)\VIPRE\unrar.dll 2016-07-15 13:46 - 2015-06-26 02:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll 2016-07-15 13:46 - 2015-06-26 02:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll 2016-09-20 19:27 - 2016-09-20 19:27 - 01383616 _____ () C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll 2016-09-20 19:30 - 2016-09-20 19:30 - 00118976 _____ () C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll 2016-09-01 17:13 - 2016-09-01 17:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 17:12 - 2016-09-01 17:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-08-24 09:46 - 2016-10-10 10:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-10-27 14:54 - 2016-10-10 10:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-10-27 14:54 - 2016-10-10 10:19 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-10-27 14:54 - 2016-10-10 10:19 - 00116688 _____ () 
C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-08-24 09:46 - 2016-10-10 10:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-08-24 09:46 - 2016-10-10 10:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-08-24 09:46 - 2016-10-10 10:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-08-24 09:46 - 2016-10-10 10:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-10-27 14:54 - 2016-10-10 10:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-10-27 14:54 - 2016-10-10 10:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00381752 _____ () C:\Program Files 
(x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-08-24 09:46 - 2016-10-10 10:20 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00019776 
_____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-08-24 09:46 - 2016-10-10 10:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-10-27 14:54 - 2016-10-10 10:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-10-27 14:54 - 2016-10-24 05:15 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-10-27 14:54 - 2016-10-24 05:06 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-10-27 14:54 - 2016-10-24 05:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-10-27 14:54 - 2016-10-24 05:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-08-24 09:46 - 2016-10-10 10:19 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-10-27 14:54 - 2016-10-24 05:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-08-24 09:46 
- 2016-10-24 05:16 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-10-27 14:54 - 2016-10-10 10:24 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2016-10-27 14:54 - 2016-10-10 10:24 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-08-24 09:46 - 2016-10-10 10:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-08-24 09:46 - 2016-10-24 05:16 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-10-27 14:54 - 2016-10-24 05:16 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-07-10 03:04 - 2016-07-26 15:40 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hauve\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "HPMessageService" HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{1495DD26-C23E-4879-8F17-2A8DDC56EBF6}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe FirewallRules: [{D79E335F-70B1-4FA3-B13B-C845A097D4F0}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe FirewallRules: [{1417BE32-FD68-4B1F-B56F-BD259063986D}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe FirewallRules: [{198F95E6-AA44-4A34-B313-3D76633C7EB6}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe FirewallRules: [{CA5A946D-EBD8-4CC0-BF77-9CA7E0FF8EC2}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServerLauncher.exe FirewallRules: [{DB03416C-327B-4D53-AE33-9E3F380D42CB}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe FirewallRules: [{87FC9192-009C-4103-B6C9-90939932AFE1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{B9EC3567-84F4-43E3-B61E-AF7A36D47C54}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{BD1AF291-1D35-4304-80E4-D780C6E9CB12}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{21A4C810-0F15-4805-B195-CA86CBB4D1B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{423317FC-2299-47CC-B815-877CA46C7C46}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{59AD6486-7BE8-41C7-B2C4-2A035CC97788}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{1EF6D9E4-B014-46A4-B729-BC2F0099A089}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{73B7E129-7E90-4E25-9E44-2EFD237A0B18}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{F119DF44-5655-453A-99A0-087DD2A6EF8F}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{48122E36-0FFE-4F4D-8040-973E72BE95F1}] => (Allow) 
C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{00486895-8E9A-4EB3-AE1A-08CD82911B46}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{981F9271-88BB-4385-8717-C47B148B9BD5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{F8E5F145-6189-42E0-BC04-57B16FAED7D2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{8AABF36A-3AD8-4658-9077-754B104BB2A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{1270D2C2-709A-4173-8F05-CD5B41F3219A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{AF422DFB-A354-4A5D-8BC9-E9DF4FD76280}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{7E34CA5E-5B31-45DA-A996-1203E88D994A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{216950FF-F9A5-41B6-9F65-1D577E10C840}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{ACF40B34-6FB2-4C97-ADE6-2B41489670B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AFDAA52A-7BFC-48C8-BAFA-910762450512}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2AC52135-1F68-42FD-A4B7-08CECEF54612}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0C754123-407A-461C-9770-C3BC1F159E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4BBCDD55-2582-4489-AA57-570D48E320E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A363C8E1-869E-4CC4-B027-58FE7432912C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{81F58B79-8819-42C3-85BE-E3710279BBF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{FEC27AE3-557D-4A40-8F2C-7863ACF61E02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9F26ED79-CD5F-49FC-95EF-E0783ABA2962}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe FirewallRules: [{BEF8821F-92DA-45E0-936B-30BB69B16ECC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe FirewallRules: [{233A92E6-F2D7-4787-94BB-C4F48CBBC5C8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe FirewallRules: [{803D54DC-431A-405E-BB8F-1B388AA59E55}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe FirewallRules: [{409E194D-9004-4CA1-9492-0C6C1D9D5331}] => (Allow) LPort=5357 FirewallRules: [{E94E1A04-C352-4E39-9B85-486DF7613183}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{2478AE4D-4A06-4612-8BD0-6F112383BA78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{DE46C7D2-A1DB-4CE3-9135-334600747E07}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{77FEFB5B-04F3-4610-B353-C536E6A8582B}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 02-11-2016 19:53:19 Windows Modules Installer 09-11-2016 16:56:45 Windows Modules Installer 09-11-2016 22:34:54 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2016 12:33:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (11/09/2016 11:50:51 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Passive Policy [1] Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Critical Policy [0] Error: (11/09/2016 11:50:44 PM) (Source: 
DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\WIPolicyCreateAll.cpp @ line 59 Executing Function: WIPolicyCreateAll::execute Message: Unhandled exception caught during execution of work item Policy File Name: DptfPolicyActive.dll Framework Event: PolicyCreate [27] Exception Function: PolicyManager::createPolicy Exception Text: DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 457 Executing Function: EsifServices::primitiveExecuteGet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: GET_ACTIVE_RELATIONSHIP_TABLE [89] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 693 Executing Function: PolicyBase::releaseControlofOsc Message: Failed to release OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Active Policy [0] Error: (11/09/2016 11:50:43 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR 
DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673 Executing Function: PolicyBase::takeControlOfOsc Message: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Active Policy [0] Error: (11/09/2016 11:35:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/09/2016 11:17:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/09/2016 11:05:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4) Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (11/09/2016 11:56:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610. 
Error: (11/09/2016 10:37:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610. Error: (11/09/2016 10:21:59 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY) Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity. Error: (11/09/2016 07:23:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610. Error: (11/09/2016 07:20:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610. Error: (11/09/2016 05:34:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (11/09/2016 05:28:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running. Error: (11/09/2016 05:28:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (11/09/2016 05:27:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/09/2016 05:27:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). ==================== Memory info =========================== Processor: Intel® Pentium® CPU N3700 @ 1.60GHz Percentage of memory in use: 38% Total physical RAM: 8049.27 MB Available physical RAM: 4982.04 MB Total Virtual: 9329.27 MB Available Virtual: 6292.32 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:908.99 GB) (Free:785.74 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:21.21 GB) (Free:2.43 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7F3DC23F) Partition: GPT. ==================== End of Addition.txt ============================
  22. laptop is running very slow. adwcleaner got rid of 172 items, ran TFC, JRT and malwarebytes. MB found and removed 33 PUP items. laptop still very slow. thanks for looking.
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016 Ran by hauvegas (administrator) on DESKTOP-R38V4I4 (10-11-2016 00:40:29) Running from C:\Users\hauve\Downloads Loaded Profiles: hauvegas (Available Profiles: hauvegas & Home & GRETCHEN & hauve_000 & ghau & GRETHEN) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Two Pilots) C:\Windows\VPDAgent_x64.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (ThreatTrack Security Inc.)
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\Silverlight.Configuration.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe (ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Microsoft) C:\Program Files (x86)\TrackOFF\TrackOFFApplication.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-07-06] (Realtek Semiconductor) HKLM\...\Run: [PrintDisp] => C:\WINDOWS\system32\PrintDisp.exe [588424 2015-08-03] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25424008 2016-10-24] (Dropbox, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [sBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3020816 2016-06-23] (ThreatTrack Security Inc.) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.) 
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [Chromium] => c:\users\hauve\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors) HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [TrackOFF] => C:\Program Files (x86)\TrackOFF\TrackOFFStart.lnk [1956 2016-09-12] () HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-18] (SUPERAntiSpyware) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.) 
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.) GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9e25a1cc-bc48-486e-ab1a-9bec6a21e084}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ee932c9b-2bc2-4951-b565-0e38b4fa1950}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{f6a834f6-1e1c-43fd-b8e9-1863ed523594}: [DhcpNameServer] 40.20.1.11 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3302668231-1340561324-16488363-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP SearchScopes: HKU\S-1-5-21-3302668231-1340561324-16488363-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-06-23] () BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 
94063) BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2016-06-23] () BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-06-23] () Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-06-23] () Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-06-23] () Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-06-23] () FireFox: ======== FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-10-29] (MediaMall Technologies, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3302668231-1340561324-16488363-1001: @citrixonline.com/appdetectorplugin -> C:\Users\hauve\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-27] (Citrix Online) FF Plugin HKU\S-1-5-21-3302668231-1340561324-16488363-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\hauve\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-27] (RocketLife, LLP) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default [2016-11-10] CHR Extension: (Google Slides) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08] CHR Extension: (Google Docs) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08] CHR Extension: (Google Drive) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20] CHR Extension: (DocuSign – Electronic Signature for Gmail) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blkboeaihdlecgdjjgkcabbacndbjibc [2016-10-28] CHR Extension: (YouTube) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Google Search) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Sheets) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap 
[2015-08-08] CHR Extension: (Google Docs Offline) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (TrackOff) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfenjafnlicmamjnpoohobgpmldkpoj [2016-07-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09] CHR Extension: (Gmail) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08] CHR Extension: (Chrome Media Router) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27] CHR Extension: (Top News Reporter) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkegnpefjjoklajpkeedhfpieononlnh [2016-08-10] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.) 
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-07-07] (Intel Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation) R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7917160 2016-11-07] (MediaMall Technologies, Inc.) R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed] R2 Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [127456 2013-11-01] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-06] (Realtek Semiconductor) R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6515160 2016-06-23] (ThreatTrack Security Inc.) R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-06-23] (ThreatTrack Security Inc.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated) S3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [2861584 2016-06-23] (ThreatTrack Security Inc.) 
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-28] (CyberLink Corporation) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-07-13] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation) R3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security) S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security) S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-03] (Intel® Corporation) R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5744568 2015-07-07] (Intel Corporation) S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.) R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.) 
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2016-01-13] (Realtek ) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 sbapifs; C:\WINDOWS\System32\DRIVERS\sbapifs.sys [109632 2016-06-16] (ThreatTrack Security Inc.) S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [63696 2016-02-23] (ThreatTrack Security) R1 sbwfw; C:\WINDOWS\system32\DRIVERS\sbwfw.sys [345520 2016-01-11] (ThreatTrack Security) R3 sbwtis; C:\WINDOWS\system32\DRIVERS\sbwtis.sys [95608 2016-01-11] (ThreatTrack Security) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated) R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R2 WebExaminer; C:\WINDOWS\system32\Drivers\WebExaminer64.sys [44736 2016-06-23] (ThreatTrack Security Inc.) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.)
  23. i just worked on a friend's laptop this weekend which had some malware which i'm trying to clear up now...also the laptop has not been updated since 2013 and updates weren't working for me..tried a few things that worked before but even now that's 50/50..what i did today was use a program I've been using for years.... http://www.auslogics.com/en/software/registry-cleaner/ some say programs like it don't work much but i ran a scan on the laptop which had over 800 items..after that i tried the program that is in the first video i linked you to (kb3135445) rebooted and now i'm installing 147 updates...run kb3135445 and if it works reboot and try again..took 45min but the updates showed up EDIT: when you install the program do a custom install and uncheck the boot speed thingy
  24. http://www.newegg.com/Product/Product.aspx?Item=N82E16819117649 http://www.newegg.com/Product/Product.aspx?Item=9SIA2F84D69132 http://www.newegg.com/Product/Product.aspx?Item=N82E16814126109 http://www.newegg.com/Product/Product.aspx?Item=N82E16817438018 http://www.newegg.com/Product/Product.aspx?Item=N82E16822236624&ignorebbr=1 http://www.newegg.com/Product/Product.aspx?Item=9SIA12K2GN1585 http://www.newegg.com/Product/Product.aspx?Item=N82E16820104681 http://www.newegg.com/Product/Product.aspx?item=N82E16835181090 http://www.newegg.com/Product/Product.aspx?Item=N82E16811854003&ignorebbr=1 for $1935 this thing will last for years and will cut through anything, can also upgrade when needed...i switched to the H100i gtx cooler since it's the same price and it's a nice cooler i just put in my son's rig
  25. the programs he listed plus 15 tabs opened in no way need an i7 terry, sorry to say..at the most an 1151 i5 would be more than enough and still overkill...a $2000 build is getting up into hardcore editing/gaming both of which he doesn't do.. but if it's a $2000 build then i will make a list, just hate to see money go to waste..