brownhornet

please review


Laptop is running very slow. AdwCleaner got rid of 172 items, ran TFC, JRT and Malwarebytes. MB found and removed 33 PUP items. Laptop still very slow. Thanks for looking.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by hauvegas (administrator) on DESKTOP-R38V4I4 (10-11-2016 00:40:29)
Running from C:\Users\hauve\Downloads
Loaded Profiles: hauvegas (Available Profiles: hauvegas & Home & GRETCHEN & hauve_000 & ghau & GRETHEN)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\Silverlight.Configuration.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft) C:\Program Files (x86)\TrackOFF\TrackOFFApplication.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PrintDisp] => C:\WINDOWS\system32\PrintDisp.exe [588424 2015-08-03] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25424008 2016-10-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3020816 2016-06-23] (ThreatTrack Security Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [Chromium] => c:\users\hauve\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [TrackOFF] => C:\Program Files (x86)\TrackOFF\TrackOFFStart.lnk [1956 2016-09-12] ()
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-18] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e25a1cc-bc48-486e-ab1a-9bec6a21e084}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ee932c9b-2bc2-4951-b565-0e38b4fa1950}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{f6a834f6-1e1c-43fd-b8e9-1863ed523594}: [DhcpNameServer] 40.20.1.11
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3302668231-1340561324-16488363-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-3302668231-1340561324-16488363-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-06-23] ()
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2016-06-23] ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-06-23] ()
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-06-23] ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-06-23] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-06-23] ()
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-10-29] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3302668231-1340561324-16488363-1001: @citrixonline.com/appdetectorplugin -> C:\Users\hauve\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-3302668231-1340561324-16488363-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\hauve\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-27] (RocketLife, LLP)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default [2016-11-10]
CHR Extension: (Google Slides) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
CHR Extension: (Google Docs) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
CHR Extension: (Google Drive) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (DocuSign – Electronic Signature for Gmail) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blkboeaihdlecgdjjgkcabbacndbjibc [2016-10-28]
CHR Extension: (YouTube) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (TrackOff) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfenjafnlicmamjnpoohobgpmldkpoj [2016-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Gmail) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR Extension: (Top News Reporter) - C:\Users\hauve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkegnpefjjoklajpkeedhfpieononlnh [2016-08-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-07-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7917160 2016-11-07] (MediaMall Technologies, Inc.)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R2 Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [127456 2013-11-01] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-06] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6515160 2016-06-23] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-06-23] (ThreatTrack Security Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [2861584 2016-06-23] (ThreatTrack Security Inc.)
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-28] (CyberLink Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-07-13] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-03] (Intel® Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5744568 2015-07-07] (Intel Corporation)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2016-01-13] (Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbapifs; C:\WINDOWS\System32\DRIVERS\sbapifs.sys [109632 2016-06-16] (ThreatTrack Security Inc.)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [63696 2016-02-23] (ThreatTrack Security)
R1 sbwfw; C:\WINDOWS\system32\DRIVERS\sbwfw.sys [345520 2016-01-11] (ThreatTrack Security)
R3 sbwtis; C:\WINDOWS\system32\DRIVERS\sbwtis.sys [95608 2016-01-11] (ThreatTrack Security)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WebExaminer; C:\WINDOWS\system32\Drivers\WebExaminer64.sys [44736 2016-06-23] (ThreatTrack Security Inc.)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-10 00:40 - 2016-11-10 00:41 - 00026918 _____ C:\Users\hauve\Downloads\FRST.txt
2016-11-10 00:40 - 2016-11-10 00:40 - 00000000 ____D C:\FRST
2016-11-10 00:39 - 2016-11-10 00:40 - 00001527 _____ C:\Users\hauve\Desktop\FRST64 - Shortcut.lnk
2016-11-10 00:38 - 2016-11-10 00:40 - 02410496 _____ (Farbar) C:\Users\hauve\Downloads\FRST64.exe
2016-11-09 23:08 - 2016-11-09 23:08 - 00000420 _____ C:\Users\hauve\Desktop\This PC - Shortcut.lnk
2016-11-09 22:40 - 2016-11-09 22:40 - 00001046 _____ C:\Users\hauve\Desktop\JRT.txt
2016-11-09 21:03 - 2016-11-09 21:03 - 00001417 _____ C:\Users\hauve\Desktop\Auslogics Registry Cleaner.lnk
2016-11-09 21:03 - 2016-11-09 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-11-09 21:03 - 2016-11-09 21:03 - 00000000 ____D C:\ProgramData\Auslogics
2016-11-09 21:03 - 2016-11-09 21:03 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-11-09 21:02 - 2016-11-09 21:02 - 08111080 _____ (Auslogics Labs Pty Ltd ) C:\Users\hauve\Downloads\registry-cleaner-setup.exe
2016-11-09 19:49 - 2016-11-09 22:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-09 19:48 - 2016-11-09 19:48 - 22851472 _____ (Malwarebytes ) C:\Users\hauve\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-09 19:48 - 2016-11-09 19:48 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-09 19:48 - 2016-11-09 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-09 19:48 - 2016-11-09 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-09 19:48 - 2016-11-09 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-09 19:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-09 19:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-09 19:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-09 19:18 - 2016-11-02 04:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 19:18 - 2016-11-02 03:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 19:18 - 2016-11-02 03:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 19:18 - 2016-11-02 03:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 19:18 - 2016-11-02 03:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 19:18 - 2016-11-02 03:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 19:18 - 2016-11-02 03:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 19:18 - 2016-11-02 03:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 19:18 - 2016-11-02 03:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 19:18 - 2016-11-02 03:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 19:18 - 2016-11-02 03:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 19:18 - 2016-11-02 03:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 19:18 - 2016-11-02 03:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 19:18 - 2016-11-02 02:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 19:18 - 2016-11-02 02:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 19:18 - 2016-11-02 02:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 19:18 - 2016-11-02 02:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 19:18 - 2016-11-02 02:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 19:18 - 2016-11-02 02:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 19:18 - 2016-11-02 02:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 19:18 - 2016-11-02 02:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 19:18 - 2016-11-02 02:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 19:18 - 2016-11-02 02:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 19:18 - 2016-11-02 02:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 19:18 - 2016-11-02 02:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 19:18 - 2016-11-02 02:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 19:18 - 2016-11-02 02:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 19:18 - 2016-11-02 02:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 19:18 - 2016-11-02 02:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 19:18 - 2016-11-02 02:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 19:18 - 2016-11-02 02:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 19:18 - 2016-11-02 02:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 19:18 - 2016-11-02 02:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 19:18 - 2016-11-02 02:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 19:18 - 2016-11-02 02:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 19:18 - 2016-11-02 02:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 19:18 - 2016-11-02 02:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 19:18 - 2016-11-02 02:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 19:18 - 2016-11-02 02:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 19:18 - 2016-11-02 00:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 19:17 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 19:17 - 2016-11-02 03:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 19:17 - 2016-11-02 03:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 19:17 - 2016-11-02 03:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 19:17 - 2016-11-02 03:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 19:17 - 2016-11-02 03:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 19:17 - 2016-11-02 03:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 19:17 - 2016-11-02 03:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 19:17 - 2016-11-02 03:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 19:17 - 2016-11-02 03:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 19:17 - 2016-11-02 03:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 19:17 - 2016-11-02 03:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 19:17 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 19:17 - 2016-11-02 02:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 19:17 - 2016-11-02 02:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 19:17 - 2016-11-02 02:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 19:17 - 2016-11-02 02:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 19:17 - 2016-11-02 02:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 19:17 - 2016-11-02 02:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 19:17 - 2016-11-02 02:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 19:17 - 2016-11-02 02:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 19:17 - 2016-11-02 02:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 19:17 - 2016-11-02 02:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 19:17 - 2016-11-02 02:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 19:17 - 2016-11-02 02:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 19:17 - 2016-11-02 02:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 19:17 - 2016-11-02 02:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 19:17 - 2016-11-02 02:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 19:17 - 2016-11-02 02:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 19:17 - 2016-11-02 02:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 19:17 - 2016-11-02 02:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 19:17 - 2016-11-02 02:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 19:17 - 2016-11-02 02:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 19:17 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 19:17 - 2016-11-02 02:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 19:17 - 2016-11-02 02:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 19:17 - 2016-11-02 02:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 19:17 - 2016-11-02 02:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 19:17 - 2016-11-02 02:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 19:17 - 2016-11-02 02:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 19:17 - 2016-11-02 02:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 19:17 - 2016-11-02 02:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 19:17 - 2016-11-02 02:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 19:17 - 2016-11-02 02:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 19:17 - 2016-11-02 02:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 19:17 - 2016-11-02 02:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 19:17 - 2016-11-02 02:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 19:17 - 2016-11-02 02:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 19:17 - 2016-11-02 02:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 19:17 - 2016-11-02 02:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 19:17 - 2016-11-02 02:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 19:17 - 2016-11-02 02:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 19:17 - 2016-11-02 02:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 19:17 - 2016-11-02 02:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 19:17 - 2016-11-02 02:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 19:17 - 2016-11-02 02:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 19:17 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 19:17 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 19:17 - 2016-11-02 02:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 19:17 - 2016-11-02 02:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 19:17 - 2016-11-02 02:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 19:17 - 2016-11-02 02:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 19:17 - 2016-11-02 02:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 19:17 - 2016-11-02 02:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 19:17 - 2016-11-02 02:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 19:17 - 2016-11-02 02:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 19:17 - 2016-11-02 02:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 19:17 - 2016-11-02 02:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 19:17 - 2016-11-02 02:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 19:17 - 2016-11-02 02:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 19:17 - 2016-11-02 02:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 19:17 - 2016-11-02 02:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 19:16 - 2016-11-02 03:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 19:16 - 2016-11-02 03:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 19:16 - 2016-11-02 03:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 19:16 - 2016-11-02 03:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 19:16 - 2016-11-02 03:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 19:16 - 2016-11-02 03:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 19:16 - 2016-11-02 02:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 19:16 - 2016-11-02 02:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 19:16 - 2016-11-02 02:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 19:16 - 2016-11-02 02:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 19:16 - 2016-11-02 02:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 19:16 - 2016-11-02 02:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 19:16 - 2016-11-02 02:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 19:16 - 2016-11-02 02:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 19:16 - 2016-11-02 02:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 19:16 - 2016-11-02 02:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 19:16 - 2016-11-02 02:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 19:16 - 2016-11-02 02:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 19:16 - 2016-11-02 02:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 19:16 - 2016-11-02 02:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 19:16 - 2016-11-02 02:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 19:16 - 2016-11-02 02:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 19:16 - 2016-11-02 02:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 19:16 - 2016-11-02 02:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 19:16 - 2016-11-02 02:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 19:16 - 2016-11-02 02:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 19:16 - 2016-11-02 02:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 19:16 - 2016-11-02 02:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 19:16 - 2016-11-02 02:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 19:16 - 2016-11-02 02:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 19:16 - 2016-11-02 02:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 19:16 - 2016-11-02 02:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 19:16 - 2016-11-02 02:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 19:16 - 2016-11-02 02:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 19:16 - 2016-11-02 02:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 19:16 - 2016-11-02 02:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 19:16 - 2016-11-02 02:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 19:16 - 2016-11-02 02:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 19:16 - 2016-11-02 02:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 19:16 - 2016-11-02 02:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 19:16 - 2016-11-02 02:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 19:16 - 2016-11-02 02:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 19:16 - 2016-11-02 02:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 19:16 - 2016-11-02 02:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 19:16 - 2016-11-02 02:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 19:16 - 2016-11-02 02:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 19:16 - 2016-11-02 02:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 19:16 - 2016-11-02 02:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 19:16 - 2016-11-02 02:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 19:16 - 2016-11-02 02:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 19:16 - 2016-11-02 02:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 19:16 - 2016-11-02 02:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 19:16 - 2016-11-02 02:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 19:16 - 2016-11-02 02:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 19:15 - 2016-11-02 03:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 19:15 - 2016-11-02 03:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 19:15 - 2016-11-02 03:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 19:15 - 2016-11-02 03:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 19:15 - 2016-11-02 03:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 19:15 - 2016-11-02 03:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 19:15 - 2016-11-02 03:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 19:15 - 2016-11-02 03:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 19:15 - 2016-11-02 03:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 19:15 - 2016-11-02 03:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 19:15 - 2016-11-02 03:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 19:15 - 2016-11-02 03:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 19:15 - 2016-11-02 03:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 19:15 - 2016-11-02 03:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 19:15 - 2016-11-02 03:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 19:15 - 2016-11-02 03:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 19:15 - 2016-11-02 03:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 19:15 - 2016-11-02 03:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 19:15 - 2016-11-02 02:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 19:15 - 2016-11-02 02:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 19:15 - 2016-11-02 02:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 19:15 - 2016-11-02 02:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 19:15 - 2016-11-02 02:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 19:15 - 2016-11-02 02:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 19:15 - 2016-11-02 02:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 19:15 - 2016-11-02 02:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 19:15 - 2016-11-02 02:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 19:15 - 2016-11-02 02:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 19:15 - 2016-11-02 02:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 19:15 - 2016-11-02 02:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 19:15 - 2016-11-02 02:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 19:15 - 2016-11-02 02:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 19:15 - 2016-11-02 02:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 19:15 - 2016-11-02 02:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 19:15 - 2016-11-02 02:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 19:15 - 2016-11-02 02:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 19:15 - 2016-11-02 02:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 19:15 - 2016-11-02 02:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 19:15 - 2016-11-02 02:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 19:15 - 2016-11-02 02:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 19:15 - 2016-11-02 02:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 19:15 - 2016-11-02 02:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 19:15 - 2016-11-02 02:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 19:15 - 2016-11-02 02:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 19:15 - 2016-11-02 02:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 19:15 - 2016-11-02 02:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 19:15 - 2016-11-02 02:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 19:15 - 2016-11-02 02:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 19:15 - 2016-11-02 02:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 19:15 - 2016-11-02 02:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 19:15 - 2016-11-02 02:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 19:15 - 2016-11-02 02:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 19:15 - 2016-11-02 02:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 19:15 - 2016-11-02 02:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 19:15 - 2016-11-02 02:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 19:15 - 2016-11-02 02:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 19:15 - 2016-11-02 02:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 19:15 - 2016-11-02 02:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 19:15 - 2016-11-02 02:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 19:15 - 2016-11-02 02:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 19:15 - 2016-11-02 02:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 19:15 - 2016-11-02 02:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 19:15 - 2016-11-02 02:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 19:15 - 2016-11-02 02:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 19:15 - 2016-11-02 02:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 19:15 - 2016-11-02 02:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 19:15 - 2016-11-02 02:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 19:15 - 2016-11-02 02:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 19:15 - 2016-11-02 02:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 19:15 - 2016-11-02 02:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 19:15 - 2016-11-02 02:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 19:15 - 2016-11-02 02:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 19:15 - 2016-11-02 02:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 19:15 - 2016-11-02 02:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 19:15 - 2016-11-02 02:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 19:15 - 2016-11-02 02:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 19:15 - 2016-11-02 02:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 19:15 - 2016-11-02 02:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 19:15 - 2016-11-02 02:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 19:15 - 2016-11-02 02:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 19:15 - 2016-11-02 02:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 19:15 - 2016-11-02 02:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 19:15 - 2016-11-02 02:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 19:15 - 2016-11-02 02:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 19:15 - 2016-11-02 02:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 19:15 - 2016-11-02 02:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 19:15 - 2016-11-02 01:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 19:15 - 2016-11-02 01:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 19:15 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 17:51 - 2016-11-09 17:51 - 00000000 ____D C:\Users\hauve\AppData\Roaming\SUPERAntiSpyware.com
2016-11-09 17:50 - 2016-11-10 00:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-11-09 17:50 - 2016-11-09 17:50 - 00001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-11-09 17:50 - 2016-11-09 17:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-11-09 17:50 - 2016-11-09 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-11-09 17:49 - 2016-11-09 17:50 - 28301192 _____ (SUPERAntiSpyware) C:\Users\hauve\Downloads\SUPERAntiSpyware.exe
2016-11-09 17:19 - 2016-11-09 17:31 - 00000000 ____D C:\AdwCleaner
2016-11-09 17:18 - 2016-11-09 22:34 - 01631928 _____ (Malwarebytes) C:\Users\hauve\Downloads\JRT.exe
2016-11-09 17:18 - 2016-11-09 17:18 - 00001565 _____ C:\Users\hauve\Desktop\AdwCleaner.exe - Shortcut.lnk
2016-11-09 17:18 - 2016-11-09 17:18 - 00001496 _____ C:\Users\hauve\D

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016

Ran by hauvegas (10-11-2016 00:44:13)

Running from C:\Users\hauve\Downloads

Windows 10 Home Version 1607 (X64) (2016-09-21 02:57:54)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-3302668231-1340561324-16488363-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3302668231-1340561324-16488363-503 - Limited - Disabled)

ghau (S-1-5-21-3302668231-1340561324-16488363-1011 - Limited - Enabled) => C:\Users\ghau.DESKTOP-R38V4I4

GRETCHEN (S-1-5-21-3302668231-1340561324-16488363-1007 - Limited - Enabled) => C:\Users\GRETCHEN.DESKTOP-R38V4I4

GRETHEN (S-1-5-21-3302668231-1340561324-16488363-1013 - Limited - Enabled) => C:\Users\GRETHEN.DESKTOP-R38V4I4

Guest (S-1-5-21-3302668231-1340561324-16488363-501 - Limited - Disabled)

hauvegas (S-1-5-21-3302668231-1340561324-16488363-1001 - Administrator - Enabled) => C:\Users\hauve

hauve_000 (S-1-5-21-3302668231-1340561324-16488363-1009 - Limited - Enabled) => C:\Users\hauve_000.DESKTOP-R38V4I4

Home (S-1-5-21-3302668231-1340561324-16488363-1005 - Limited - Enabled) => C:\Users\Home.DESKTOP-R38V4I4

HomeGroupUser$ (S-1-5-21-3302668231-1340561324-16488363-1003 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}

FW: ThreatTrack Security VIPRE (Enabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 6.1.0.0 - Auslogics Labs Pty Ltd)

Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden

Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Carbonite (HKLM-x32\...\{D0D08FBC-6D5F-482C-B2ED-32E67D8FFAFF}) (Version: 6.0.1 build 6421 (Aug-04-2016) - Carbonite)

Chromium (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Chromium) (Version: 51.0.2683.0 - Chromium)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)

Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden

CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)

CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden

CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)

CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)

CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)

Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

DocBox Printer by Instanet Solutions (HKLM-x32\...\DocBox Printer by Instanet Solutions) (Version: - Instanet Solutions)

Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)

Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)

Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden

Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)

Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden

Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)

Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)

Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden

HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)

HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)

HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)

HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)

HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)

HP Photo Creations (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\HP Photo Creations) (Version: 1.0.0.21292 - HP)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.37 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)

IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden

Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden

Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)

iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)

Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden

Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden

Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden

Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden

Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden

Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company)

Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)

Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden

Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)

NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)

Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden

PlayOn (HKLM-x32\...\{2f99dc4c-1233-46da-9e2a-b9150230601f}) (Version: 4.2.30.16062 - MediaMall Technologies, Inc.)

PlayOn (x32 Version: 4.2.30 - MediaMall Technologies, Inc.) Hidden

PlayOn Dependencies (x32 Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden

Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden

Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.91 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)

Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden

Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden

Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)

Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)

TrackOFF - Privacy Software (HKLM-x32\...\TrackOFF) (Version: 3.2.0.0 - Praetorian Technologies, LLC)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 10.0.1.17 - ThreatTrack Security Inc.)

VIPRE Internet Security (x32 Version: 10.0.1.17 - ThreatTrack Security, Inc.) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden

Windows Driver Package - Intel Corporation (iagpioe) System (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation)

Windows Driver Package - Intel Corporation (iai2ce) System (05/21/2015 604.10120.2654.367) (HKLM\...\B37036F6A0766DAC3E418F6CAE67005C5F3A8C40) (Version: 05/21/2015 604.10120.2654.367 - Intel Corporation)

Windows Driver Package - Intel Corporation (iauarte) System (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\4911\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {029F7117-1A4B-4B11-8301-CC33C8DD9CD6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-31] (Adobe Systems Incorporated)

Task: {074E8C94-7BF8-4D16-8E2B-0F7C1C0B2893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

Task: {1E303AA0-E427-4090-B5A2-D181B5FC28E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)

Task: {1F914AFE-B5F4-44CD-A105-D187BAFBA3E8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-31] (Adobe Systems Incorporated)

Task: {26FF72EE-6714-4826-B298-FAC048CFF577} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

Task: {3553A306-F3D0-4B53-9889-8B9F8D7780ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)

Task: {384AB60A-9D91-4063-8C75-0C34236CE463} - System32\Tasks\HPCeeScheduleForhauvegas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {3DC0B2FA-9C25-4D8C-8321-AB9E9E82CDE0} - System32\Tasks\HP AR Program Upload - 2d2d0c01e581402db7185173d195e5101afceb10265f46438fc3ef3271eb0619 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {5561CAF2-B898-4744-B58F-3C7404FDFFB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {5A103220-B9CC-4A75-8CAE-8FD096A3D2C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)

Task: {5B46BD1C-78A1-4DD5-9A5F-561EF48F861B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)

Task: {68DE9836-04A8-45FC-8141-23D43B4B69C9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)

Task: {705F34E1-57CE-44DC-B61B-496E29B80A92} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-12] (Dropbox, Inc.)

Task: {74AB8666-AA3B-4195-BA67-B61F47ADF9ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)

Task: {7B17B65A-28FC-4D86-9EC5-210919EE53F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN46LC31SP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)

Task: {8C076803-D3B5-4303-BB69-0FD35D4F5322} - System32\Tasks\HP AR Program Upload - 3c2fccd32df24b139012254321a2bf6716884c90cc9047bb865af92b92245ec0 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {9470D1B1-40DC-465B-B244-88C7085C1FCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2BQCXHB9 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)

Task: {99CF1A14-2720-4804-9EA1-4BC763918838} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)

Task: {9BE38C8C-94C4-4532-A8F7-04EDEA0AA35F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

Task: {9F1F99DA-F754-4F22-80E3-A5F0F99C0ADB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-12] (Dropbox, Inc.)

Task: {A1002296-0D54-4ABF-87F4-7A07222F51C6} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

Task: {A951A7B4-FB49-46DD-A6F3-309AC7315436} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)

Task: {AE58FB1C-5A49-4B18-B67D-03BAB209B9E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

Task: {CE63ED5D-38BE-46AE-983F-9045BF66EE29} - System32\Tasks\G2MUploadTask-S-1-5-21-3302668231-1340561324-16488363-1001 => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {DDB0ADD8-9230-44FC-A797-441361AE435B} - System32\Tasks\G2MUpdateTask-S-1-5-21-3302668231-1340561324-16488363-1001 => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {E0D74F3D-150D-4EC9-B3E6-061AC03E77CC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\hauve\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-27] ()

Task: {E3230770-38A6-4472-BFF8-EDE098E9B146} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)

Task: {F1024C29-38EA-441F-A898-B24CD1278812} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()

Task: {F96E5680-435F-4DEB-B2A6-D6F680C132E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)

Task: {FE460C5D-3636-4209-857D-C00D80602E46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3302668231-1340561324-16488363-1001.job => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe

Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3302668231-1340561324-16488363-1001.job => C:\Users\hauve\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\hauve\AppData\Roaming\HP Photo Creations\Communicator.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForhauvegas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\-3785585100.lnk -> hxxp://www.hsn.com/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\-5507004110.lnk -> hxxp://lasvegasrealtor.biz/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\1497020950.lnk -> hxxp://www.yahoo.com/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\RoamingTiles\15040480010.lnk -> hxxp://t.acer13.us.msn.com/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-3785585100.lnk -> hxxp://www.hsn.com/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-5507004110.lnk -> hxxp://lasvegasrealtor.biz/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\1497020950.lnk -> hxxp://www.yahoo.com/

Shortcut: C:\Users\hauve\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\15040480010.lnk -> hxxp://t.acer13.us.msn.com/


ShortcutWithArgument: C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square


==================== Loaded Modules (Whitelisted) ==============


2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-10-06 06:43 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-08-17 17:11 - 2014-05-20 11:01 - 00054784 _____ () C:\WINDOWS\System32\sdtnpm.dll

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-01-13 17:38 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2016-10-06 06:43 - 2016-09-15 09:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll

2016-09-20 19:28 - 2016-09-20 19:28 - 01864384 _____ () C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll

2016-09-20 18:39 - 2016-09-20 18:39 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

2016-11-09 19:17 - 2016-11-02 02:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

2016-11-09 19:16 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-11-09 19:16 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-11-09 19:16 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll

2016-11-09 19:16 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll

2016-11-09 19:16 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-11-09 19:16 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2016-11-09 17:12 - 2016-11-09 17:13 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2016-11-09 17:12 - 2016-11-09 17:13 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2016-11-09 17:12 - 2016-11-09 17:13 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2016-10-26 14:45 - 2016-10-20 00:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll

2016-10-26 14:45 - 2016-10-20 00:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll

2016-06-17 21:31 - 2016-06-17 21:31 - 53138944 _____ () C:\Program Files (x86)\Common Files\ffdshowEx\libcef.DLL

2016-04-27 20:03 - 2016-04-27 20:03 - 00851128 _____ () c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\Silverlight.ConfigurationUI.dll

2016-04-21 09:45 - 2016-04-21 09:45 - 00244752 _____ () C:\Program Files (x86)\VIPRE\unrar.dll

2016-07-15 13:46 - 2015-06-26 02:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll

2016-07-15 13:46 - 2015-06-26 02:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll

2016-09-20 19:27 - 2016-09-20 19:27 - 01383616 _____ () C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll

2016-09-20 19:30 - 2016-09-20 19:30 - 00118976 _____ () C:\Users\hauve\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll

2016-09-01 17:13 - 2016-09-01 17:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2016-09-01 17:12 - 2016-09-01 17:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2016-08-24 09:46 - 2016-10-10 10:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

2016-10-27 14:54 - 2016-10-10 10:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

2016-10-27 14:54 - 2016-10-10 10:19 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd

2016-10-27 14:54 - 2016-10-10 10:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

2016-08-24 09:46 - 2016-10-10 10:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

2016-08-24 09:46 - 2016-10-10 10:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

2016-08-24 09:46 - 2016-10-10 10:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2016-08-24 09:46 - 2016-10-10 10:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

2016-10-27 14:54 - 2016-10-10 10:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

2016-10-27 14:54 - 2016-10-10 10:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2016-08-24 09:46 - 2016-10-10 10:20 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd

2016-08-24 09:46 - 2016-10-10 10:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2016-10-27 14:54 - 2016-10-10 10:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

2016-10-27 14:54 - 2016-10-24 05:15 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd

2016-10-27 14:54 - 2016-10-24 05:06 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll

2016-10-27 14:54 - 2016-10-24 05:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

2016-10-27 14:54 - 2016-10-24 05:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

2016-08-24 09:46 - 2016-10-10 10:19 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

2016-10-27 14:54 - 2016-10-24 05:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd

2016-10-27 14:54 - 2016-10-10 10:24 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll

2016-10-27 14:54 - 2016-10-10 10:24 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll

2016-08-24 09:46 - 2016-10-10 10:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd

2016-08-24 09:46 - 2016-10-24 05:16 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd

2016-10-27 14:54 - 2016-10-24 05:16 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2015-07-10 03:04 - 2016-07-26 15:40 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-3302668231-1340561324-16488363-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hauve\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


HKLM\...\StartupApproved\Run: => "SynTPEnh"

HKLM\...\StartupApproved\Run32: => "HPMessageService"

HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{1495DD26-C23E-4879-8F17-2A8DDC56EBF6}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe

FirewallRules: [{D79E335F-70B1-4FA3-B13B-C845A097D4F0}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe

FirewallRules: [{1417BE32-FD68-4B1F-B56F-BD259063986D}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe

FirewallRules: [{198F95E6-AA44-4A34-B313-3D76633C7EB6}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe

FirewallRules: [{CA5A946D-EBD8-4CC0-BF77-9CA7E0FF8EC2}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServerLauncher.exe

FirewallRules: [{DB03416C-327B-4D53-AE33-9E3F380D42CB}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe

FirewallRules: [{87FC9192-009C-4103-B6C9-90939932AFE1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{B9EC3567-84F4-43E3-B61E-AF7A36D47C54}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{BD1AF291-1D35-4304-80E4-D780C6E9CB12}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{21A4C810-0F15-4805-B195-CA86CBB4D1B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{423317FC-2299-47CC-B815-877CA46C7C46}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe

FirewallRules: [{59AD6486-7BE8-41C7-B2C4-2A035CC97788}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe

FirewallRules: [{1EF6D9E4-B014-46A4-B729-BC2F0099A089}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe

FirewallRules: [{73B7E129-7E90-4E25-9E44-2EFD237A0B18}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe

FirewallRules: [{F119DF44-5655-453A-99A0-087DD2A6EF8F}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe

FirewallRules: [{48122E36-0FFE-4F4D-8040-973E72BE95F1}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe

FirewallRules: [{00486895-8E9A-4EB3-AE1A-08CD82911B46}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{981F9271-88BB-4385-8717-C47B148B9BD5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

FirewallRules: [{F8E5F145-6189-42E0-BC04-57B16FAED7D2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe

FirewallRules: [{8AABF36A-3AD8-4658-9077-754B104BB2A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe

FirewallRules: [{1270D2C2-709A-4173-8F05-CD5B41F3219A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe

FirewallRules: [{AF422DFB-A354-4A5D-8BC9-E9DF4FD76280}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe

FirewallRules: [{7E34CA5E-5B31-45DA-A996-1203E88D994A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe

FirewallRules: [{216950FF-F9A5-41B6-9F65-1D577E10C840}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe

FirewallRules: [{ACF40B34-6FB2-4C97-ADE6-2B41489670B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{AFDAA52A-7BFC-48C8-BAFA-910762450512}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{2AC52135-1F68-42FD-A4B7-08CECEF54612}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0C754123-407A-461C-9770-C3BC1F159E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4BBCDD55-2582-4489-AA57-570D48E320E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A363C8E1-869E-4CC4-B027-58FE7432912C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{81F58B79-8819-42C3-85BE-E3710279BBF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{FEC27AE3-557D-4A40-8F2C-7863ACF61E02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{9F26ED79-CD5F-49FC-95EF-E0783ABA2962}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe

FirewallRules: [{BEF8821F-92DA-45E0-936B-30BB69B16ECC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe

FirewallRules: [{233A92E6-F2D7-4787-94BB-C4F48CBBC5C8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe

FirewallRules: [{803D54DC-431A-405E-BB8F-1B388AA59E55}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe

FirewallRules: [{409E194D-9004-4CA1-9492-0C6C1D9D5331}] => (Allow) LPort=5357

FirewallRules: [{E94E1A04-C352-4E39-9B85-486DF7613183}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{2478AE4D-4A06-4612-8BD0-6F112383BA78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{DE46C7D2-A1DB-4CE3-9135-334600747E07}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

FirewallRules: [{77FEFB5B-04F3-4610-B353-C536E6A8582B}] => (Allow) C:\Program Files\iTunes\iTunes.exe


==================== Restore Points =========================


02-11-2016 19:53:19 Windows Modules Installer

09-11-2016 16:56:45 Windows Modules Installer

09-11-2016 22:34:54 JRT Pre-Junkware Removal


==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (11/10/2016 12:33:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4)

Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Error: (11/09/2016 11:50:51 PM) (Source: DbxSvc) (EventID: 320) (User: )

Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR


DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673

Executing Function: PolicyBase::takeControlOfOsc

Message: Failed to acquire OSC: Failure during execution of _OSC:

DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473

Executing Function: EsifServices::primitiveExecuteSet

Message: Error returned from ESIF services interface function call

Participant: NoParticipant

Domain: NoDomain

ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]

ESIF Instance: 255

ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]



Policy: Passive Policy [1]


Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR


DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673

Executing Function: PolicyBase::takeControlOfOsc

Message: Failed to acquire OSC: Failure during execution of _OSC:

DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473

Executing Function: EsifServices::primitiveExecuteSet

Message: Error returned from ESIF services interface function call

Participant: NoParticipant

Domain: NoDomain

ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]

ESIF Instance: 255

ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]



Policy: Critical Policy [0]


Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR


DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\Sources\Manager\WIPolicyCreateAll.cpp @ line 59

Executing Function: WIPolicyCreateAll::execute

Message: Unhandled exception caught during execution of work item

Policy File Name: DptfPolicyActive.dll

Framework Event: PolicyCreate [27]

Exception Function: PolicyManager::createPolicy

Exception Text:


DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 457

Executing Function: EsifServices::primitiveExecuteGet

Message: Error returned from ESIF services interface function call

Participant: NoParticipant

Domain: NoDomain

ESIF Primitive: GET_ACTIVE_RELATIONSHIP_TABLE [89]

ESIF Instance: 255

ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Error: (11/09/2016 11:50:44 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR


DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 693

Executing Function: PolicyBase::releaseControlofOsc

Message: Failed to release OSC: Failure during execution of _OSC:

DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473

Executing Function: EsifServices::primitiveExecuteSet

Message: Error returned from ESIF services interface function call

Participant: NoParticipant

Domain: NoDomain

ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]

ESIF Instance: 255

ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]



Policy: Active Policy [0]


Error: (11/09/2016 11:50:43 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR


DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673

Executing Function: PolicyBase::takeControlOfOsc

Message: Failed to acquire OSC: Failure during execution of _OSC:

DPTF Build Version: 8.1.10600.150

DPTF Build Date: Jun 26 2015 11:46:12

Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473

Executing Function: EsifServices::primitiveExecuteSet

Message: Error returned from ESIF services interface function call

Participant: NoParticipant

Domain: NoDomain

ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]

ESIF Instance: 255

ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]



Policy: Active Policy [0]


Error: (11/09/2016 11:35:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4)

Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Error: (11/09/2016 11:17:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4)

Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Error: (11/09/2016 11:05:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-R38V4I4)

Description: Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.



System errors:

=============

Error: (11/09/2016 11:56:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610.


Error: (11/09/2016 10:37:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610.


Error: (11/09/2016 10:21:59 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)

Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.


Error: (11/09/2016 07:23:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610.


Error: (11/09/2016 07:20:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610.


Error: (11/09/2016 05:34:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (11/09/2016 05:28:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:

An instance of the service is already running.


Error: (11/09/2016 05:28:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

An instance of the service is already running.


Error: (11/09/2016 05:27:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Error: (11/09/2016 05:27:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).



==================== Memory info ===========================


Processor: Intel® Pentium® CPU N3700 @ 1.60GHz

Percentage of memory in use: 38%

Total physical RAM: 8049.27 MB

Available physical RAM: 4982.04 MB

Total Virtual: 9329.27 MB

Available Virtual: 6292.32 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:908.99 GB) (Free:785.74 GB) NTFS

Drive d: (RECOVERY) (Fixed) (Total:21.21 GB) (Free:2.43 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 7F3DC23F)


Partition: GPT.


==================== End of Addition.txt ============================


Not sure if this is needed, but I ran it anyways:

 

 

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ThreatTrack Security VIPRE
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Auslogics Registry Cleaner
Google Chrome (53.0.2785.143)
Google Chrome (54.0.2840.71)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
MediaMall MediaMallServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Let's give this a try

 

Running from C:\Users\hauve\Downloads

 

Please go to hauve\Downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail.

To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).

 

 


 

 

start

CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

GroupPolicy: Restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-3302668231-1340561324-16488363-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

C:\Users\hauve\AppData\Local\Temp\libeay32.dll

C:\Users\hauve\AppData\Local\Temp\msvcr120.dll

C:\Users\hauve\AppData\Local\Temp\sqlite3.dll

ShortcutWithArgument: C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~~~~

 

Please download Emsisoft Emergency Kit and save it to your desktop.

Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

  • Leave all settings as they are and click the Extract button at the bottom.
  • A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
  • Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options.
  • If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and copy it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016

Ran by hauvegas (10-11-2016 04:58:14) Run:1

Running from C:\Users\hauve\Downloads

Loaded Profiles: hauvegas (Available Profiles: hauvegas & Home & GRETCHEN & hauve_000 & ghau & GRETHEN)

Boot Mode: Normal

==============================================


fixlist content:

*****************

start

CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

GroupPolicy: Restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-3302668231-1340561324-16488363-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

C:\Users\hauve\AppData\Local\Temp\libeay32.dll

C:\Users\hauve\AppData\Local\Temp\msvcr120.dll

C:\Users\hauve\AppData\Local\Temp\sqlite3.dll

ShortcutWithArgument: C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

Hosts:

End

*****************


Restore point was successfully created.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully

HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

HKU\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

C:\Users\hauve\AppData\Local\Temp\libeay32.dll => moved successfully

C:\Users\hauve\AppData\Local\Temp\msvcr120.dll => moved successfully

C:\Users\hauve\AppData\Local\Temp\sqlite3.dll => moved successfully

C:\Users\hauve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk => Shortcut argument removed successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully.


========= ipconfig /flushdns =========



Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========



========= netsh winsock reset all =========



Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.



========= End of CMD: =========



========= netsh int ipv4 reset =========


Resetting Global, OK!

Resetting Interface, OK!

Resetting Unicast Address, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.


Resetting , OK!

Restart the computer to complete this action.



========= End of CMD: =========



========= netsh int ipv6 reset =========


Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.


Resetting , OK!

Resetting , OK!

Restart the computer to complete this action.



========= End of CMD: =========


C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.


=========== EmptyTemp: ==========


BITS transfer queue => 5514068 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82990993 B

Java, Flash, Steam htmlcache => 0 B

Windows/system/drivers => 2962510 B

Edge => 113110139 B

Chrome => 87726359 B

Firefox => 0 B

Opera => 0 B


Temp, IE cache, history, cookies, recent:

Default => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 0 B

LocalService => 135124 B

NetworkService => 6190 B

hauve => 854950723 B

Home.DESKTOP-R38V4I4 => 0 B

GRETCHEN.DESKTOP-R38V4I4 => 0 B

hauve_000.DESKTOP-R38V4I4 => 0 B

ghau.DESKTOP-R38V4I4 => 0 B

GRETHEN.DESKTOP-R38V4I4 => 0 B


RecycleBin => 0 B

EmptyTemp: => 1.1 GB temporary data Removed.


================================



The system needed a reboot.


==== End of Fixlog 05:01:05 ====

Emsisoft Emergency Kit - Version 11.9

Last update: 11/10/2016 5:20:25 AM

User account: DESKTOP-R38V4I4\hauvegas

Computer name: DESKTOP-R38V4I4

OS version: Windows 10x64


Scan settings:


Scan type: Malware Scan

Objects: Rootkits, Memory, Traces, Files


Detect PUPs: On

Scan archives: Off

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off


Scan start: 11/10/2016 5:22:47 AM


Scanned 82842

Found 0


Scan end: 11/10/2016 5:30:15 AM

Scan time: 0:07:28


The pic I posted pops up as soon as I get to the desktop. Like I said, clicking on any link does nothing. Not sure if it is something bad, but she said it wasn't there before. Have to close that, then open a new browser to get on the net. That pop-up from the pic at the bottom says "facebook chromium" and she doesn't know what it is...

Edited by brownhornet


"Aw, Snap!" page crashes
I hope, and I mean all fingers and toes are crossed with this, that it's all related to a broken part of this Chromium app.
https://support.google.com/chrome/answer/95669?hl=en

You'll need to uninstall Chromium from the add/remove programs list
Chromium (HKU\S-1-5-21-3302668231-1340561324-16488363-1001\...\Chromium) (Version: 51.0.2683.0 - Chromium)

 

Try that, reboot, see what happens.


I'm worried now. I removed it last night but it still would load on startup. Then I found a shortcut, removed it, then rebooted; it didn't pop up as soon as it did before, but it started up as before. What is it, and should I be very worried? Would this Chromium thing have anything to do with 100% disk usage?


I'm worried now. I removed it last night but it still would load on startup. Then I found a shortcut, removed it, then rebooted; it didn't pop up as soon as it did before, but it started up as before. What is it, and should I be very worried? Would this Chromium thing have anything to do with 100% disk usage?

What app or .exe in task manager is using the most disk?

I don't know how it got downloaded, maybe bundled with something else....

 

Did you try Revo?

 

If it's still there

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following quote box into the main textfield:

    :folderfind

    Chromium

    :filefind

    Chromium

    :regfind

    Chromium

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


I did a search again and found a folder and some shortcuts and removed them... BUT I see it's in the registry.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 18:17 on 10/11/2016 by hauvegas
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Chromium"
No folders found.

========== filefind ==========

Searching for "Chromium"
No files found.

========== regfind ==========

Searching for "Chromium"
[HKEY_CURRENT_USER\SOFTWARE\Chromium]
[HKEY_CURRENT_USER\SOFTWARE\Chromium\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\hauve\AppData\Local\Chromium\Application\51.0.2683.0\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
@="Chromium"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
"ApplicationDescription"="Chromium is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Chromium."
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
"ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
"ApplicationName"="Chromium"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".htm"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".html"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".shtml"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".xht"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".xhtml"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".webp"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]
"StartMenuInternet"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"ftp"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"http"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"https"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"irc"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"mailto"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"mms"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"news"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"nntp"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"sms"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"smsto"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"tel"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"urn"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"webcal"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
@="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
"ReinstallCommand"=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" --make-default-browser"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
"HideIconsCommand"=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" --hide-icons"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
"ShowIconsCommand"=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" --show-icons"
[HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
@=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\17ba52b3_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0282&subsys_103c809d&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume3\Users\hauve\AppData\Local\Chromium\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"=""c:\users\hauve\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{13807D4F-B44B-40BF-9F92-E4289D42368E}\RecentItems\{B247C7CC-A5E1-4E1C-9D3E-3552F1529E1D}]
"Path"="microsoft-edge:https://www.bing.com/search?q=chromium+browser&form=WNSGPH&qs=LS&cvid=90e61c21b2e54e0ebc24ddcae67be78a&pq=chromium&nclid=A48804F2DE604CEA8D2639E5A08E9C0F&ts=1478827585336&nclidts=1478827585&tsms=336&cc=US&setlang=en-US"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{13807D4F-B44B-40BF-9F92-E4289D42368E}\RecentItems\{B247C7CC-A5E1-4E1C-9D3E-3552F1529E1D}]
"DisplayName"="microsoft-edge:https://www.bing.com/search?q=chromium+browser&form=WNSGPH&qs=LS&cvid=90e61c21b2e54e0ebc24ddcae67be78a&pq=chromium&nclid=A48804F2DE604CEA8D2639E5A08E9C0F&ts=1478827585336&nclidts=1478827585&tsms=336&cc=US&setlang=en-US"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{15966E5F-B8B8-4F56-AC7B-0C460728312B}]
"AppId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\RegisteredApplications]
"Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="Software\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities"
[HKEY_CURRENT_USER\SOFTWARE\Classes\.webp\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_CURRENT_USER\SOFTWARE\Classes\.xht\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_CURRENT_USER\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
@="Chromium HTML Document"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
"AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationName"="Chromium"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationCompany"="Chromium"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
@="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
@=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium]
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\hauve\AppData\Local\Chromium\Application\51.0.2683.0\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
@="Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
"ApplicationDescription"="Chromium is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Chromium."
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
"ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
"ApplicationName"="Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".htm"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".html"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".shtml"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".xht"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".xhtml"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
".webp"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]
"StartMenuInternet"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"ftp"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"http"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"https"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"irc"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"mailto"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"mms"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"news"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"nntp"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"sms"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"smsto"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"tel"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"urn"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
"webcal"="ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
@="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
"ReinstallCommand"=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" --make-default-browser"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
"HideIconsCommand"=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" --hide-icons"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
"ShowIconsCommand"=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" --show-icons"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
@=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\17ba52b3_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0282&subsys_103c809d&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume3\Users\hauve\AppData\Local\Chromium\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"=""c:\users\hauve\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{13807D4F-B44B-40BF-9F92-E4289D42368E}\RecentItems\{B247C7CC-A5E1-4E1C-9D3E-3552F1529E1D}]
"Path"="microsoft-edge:https://www.bing.com/search?q=chromium+browser&form=WNSGPH&qs=LS&cvid=90e61c21b2e54e0ebc24ddcae67be78a&pq=chromium&nclid=A48804F2DE604CEA8D2639E5A08E9C0F&ts=1478827585336&nclidts=1478827585&tsms=336&cc=US&setlang=en-US"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{13807D4F-B44B-40BF-9F92-E4289D42368E}\RecentItems\{B247C7CC-A5E1-4E1C-9D3E-3552F1529E1D}]
"DisplayName"="microsoft-edge:https://www.bing.com/search?q=chromium+browser&form=WNSGPH&qs=LS&cvid=90e61c21b2e54e0ebc24ddcae67be78a&pq=chromium&nclid=A48804F2DE604CEA8D2639E5A08E9C0F&ts=1478827585336&nclidts=1478827585&tsms=336&cc=US&setlang=en-US"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{15966E5F-B8B8-4F56-AC7B-0C460728312B}]
"AppId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\RegisteredApplications]
"Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"="Software\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.webp\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xht\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
@="Chromium HTML Document"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
"AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationName"="Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationCompany"="Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
@="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
@=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\.webp\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\.xht\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\.xhtml\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=""
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
@="Chromium HTML Document"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
"AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"AppUserModelId"="Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationIcon"="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationName"="Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
"ApplicationCompany"="Chromium"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
@="C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
@=""C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" -- "%1""

-= EOF =-


Geeees!

 

Please open Notepad (*Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK.) Then copy and paste the text inside the quote box below:

To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

start

CreateRestorePoint:

CloseProcesses:

C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe

C:\Users\hauve\AppData\Local\Chromium

Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Chromium]

Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]

Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]

Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]

Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]

Reg: reg delete [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Chromium"=-

Reg: reg delete [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids]

"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=-

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by hauvegas (11-11-2016 05:29:18) Run:2
Running from C:\Users\hauve\Downloads
Loaded Profiles: hauvegas (Available Profiles: hauvegas & Home & GRETCHEN & hauve_000 & ghau & GRETHEN)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe
C:\Users\hauve\AppData\Local\Chromium
Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Chromium]
Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]
Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
Reg: reg delete [-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
Reg: reg delete [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"=-
Reg: reg delete [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=-
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
Reg: reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\hauve\AppData\Local\Chromium\Application\chrome.exe" => not found.
"C:\Users\hauve\AppData\Local\Chromium" => not found.

========= reg delete [-HKEY_CURRENT_USER\SOFTWARE\Chromium] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========

"Chromium"=- => Error: No automatic fix found for this entry.

========= reg delete [HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========

"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=- => Error: No automatic fix found for this entry.

========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete [-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 3022745 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14871646 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 609389 B
Edge => 0 B
Chrome => 7250477 B
Firefox => 18588500 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
hauve => 31659127 B
Home.DESKTOP-R38V4I4 => 0 B
GRETCHEN.DESKTOP-R38V4I4 => 0 B
hauve_000.DESKTOP-R38V4I4 => 0 B
ghau.DESKTOP-R38V4I4 => 0 B
GRETHEN.DESKTOP-R38V4I4 => 0 B

RecycleBin => 122666 B
EmptyTemp: => 72.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:31:04 ====


grrrrrrr

I did something wrong

 

Please open Notepad. *Do not use WordPad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK.) Then copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

 

 


start

CreateRestorePoint:

CloseProcesses:

StartRegedit:

[-HKEY_CURRENT_USER\SOFTWARE\Chromium]

[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]

[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]

[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]

[-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]

[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Chromium"=-

[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids]

"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=-

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]

[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]

EndRegedit:

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by hauvegas (11-11-2016 13:01:16) Run:3
Running from C:\Users\hauve\Downloads
Loaded Profiles: hauvegas (Available Profiles: hauvegas & Home & GRETCHEN & hauve_000 & ghau & GRETHEN)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
StartRegedit:
[-HKEY_CURRENT_USER\SOFTWARE\Chromium]
[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]
[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\URLAssociations]
[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Chromium]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\FileAssociations]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Capabilities\Startmenu]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\DefaultIcon]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\InstallInfo]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Clients\StartMenuInternet\Chromium.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\shell\open\command]
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"=-
[HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ"=-
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ]
[-HKEY_USERS\S-1-5-21-3302668231-1340561324-16488363-1001_Classes\ChromiumHTM.TCRSHKLJ4QOSHG2MBUAZSTZJBQ\Application]
EndRegedit:
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.

====> Registry
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12852056 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 606973 B
Edge => 0 B
Chrome => 0 B
Firefox => 11389502 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
hauve => 542480 B
Home.DESKTOP-R38V4I4 => 0 B
GRETCHEN.DESKTOP-R38V4I4 => 0 B
hauve_000.DESKTOP-R38V4I4 => 0 B
ghau.DESKTOP-R38V4I4 => 0 B
GRETHEN.DESKTOP-R38V4I4 => 0 B

RecycleBin => 4353 B
EmptyTemp: => 24.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:02:34 ====


Seems to be OK, kinda slow opening a browser, and the CPU usage keeps going from 70%-100%, and all I can see using any resource is Carbonite and Cortana and anti-malware service... so how bad was it?


Seems to be OK, kinda slow opening a browser, and the CPU usage keeps going from 70%-100%, and all I can see using any resource is Carbonite and Cortana and anti-malware service... so how bad was it?

If it's Carbonite, it's making a backup.

Now Cortana is new and comes with Windows 10 (many don't care for it).

https://en.wikipedia.org/wiki/Cortana_(software)

And it can be disabled

http://www.pcworld.com/article/2949759/windows/killing-cortana-how-to-disable-windows-10s-info-hungry-digital-assistant.html

 

Anti-malware service should update and scan out if it's set up with those directions.

Then the computer should settle a bit.

 

Let it run an hour or so, see if it improves.


Is this a work computer that it needs a daily backup?

I think for an average user, every couple of days or once a week would suffice.

 

From what we've done it appears to be clear, but the user is my best detective.


She is a realtor agent, so once a day should be fine. Having the laptop for the past 2 days, I can say that I see a big difference... thanks again

This topic is now closed to further replies.