jacobi Posted January 28, 2017

My Chrome won't work. When I click on Chrome it goes to the taskbar but not to the desktop for me to view. I've tried to restore to an earlier date but no help. In File Explorer I have hidden files shown. I also used unhide.exe. I uninstalled Chrome a couple of times and installed and rebooted. I right clicked on Chrome and Properties and on the Shortcut tab I changed from run to maximum. I downloaded Farbar Service Scanner, used that. Don't know what else to try. I did have 32 bit AVG & Chrome 32 bit I believe. I downloaded AVG Free 64 bit and also downloaded Chrome 64 bit. I got the same problem. I'm using W-10 HP desktop. I also used AdwCleaner at bleeping. Can't find the trouble. Now I used spybotbeacon to see if that would help. Also once in a while my email shows up in the taskbar Chrome small minimized.
KenB Posted January 29, 2017

Hi and welcome to ExTS.
I will ask one of our security experts to take a look at your problem. Please be patient.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
ExTS Admin Starbuck Posted January 29, 2017

Hi jacobi,

"I also used unhide.exe."
That wouldn't make any difference... that's not what that program is for.

"I downloaded Farbar Service scanner,used that."
That wouldn't tell you what the problem is.

"In file explorer I have hidden files shown."
Again... this wouldn't help.

Normally the fixes for this are quite simple.
Ok, you tried the first option:
"I right clicked on chrome and properties and on the shortcut tab I changed from run to maximum."
But don't forget that applications will always open the same way that they are closed down. So if an application is minimized when closed down... it'll open minimized. (These settings will override the shortcut option to open maximized.)
Is Chrome maximized when you close it?

Another thing to try when closing Chrome is to make sure the screen is maximized and then close it down using the Exit option in the Chrome options. Either a spanner or a series of 3 vertical dots above one another... depending on your version.

Member of: UNITE
jacobi Posted January 29, 2017

Thanks for the input. I can't open Chrome at all, it just lets me view the small displays on top of the taskbar. One other thing I noticed: sometimes when I click on Chrome I get a small picture of my email, and then it's gone. My email icon I was using won't work either, so I use my own icon that works good. Kind of crazy, right?
ExTS Admin Starbuck Posted January 30, 2017

What about Edge or IE ... do they open normally?
IE is under Start >> Windows Accessories >> Internet Explorer
jacobi Posted February 1, 2017

google chrome not opening

"What about Edge or IE ... do they open normally? IE is under Start >> Windows Accessories >> Internet Explorer"

All the other browsers work ok, it's just Chrome not opening from the taskbar. I can't close in max position because I cannot open it.
ExTS Admin Starbuck Posted February 1, 2017

This is definitely an odd one.
Maybe FRST can throw some light onto why this is happening.

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what your system bit type is... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png

When the tool opens click Yes to disclaimer.
http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png

Make sure that Addition.txt is selected at the bottom.
Press Scan button.
http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your reply, please post both reports from FRST.

Thanks
KenB Posted February 2, 2017

I don't want to confuse things by having two sets of advice running but this will only take one reply.

Right click on the Chrome icon in the taskbar.
Then right click on "Google Chrome".
Now left click "Properties".

What does it say in "Target"?
What does it say in "Start in"?
Does "Run as Administrator" work?
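The Target, Start in and Run fields discussed above can also be read from a PowerShell prompt. This is an added example, not part of the original thread; the folders searched and the expected target path (taken from the reply that follows) are assumptions about a default Chrome install.

```powershell
# Added example (not from the thread): list every Chrome shortcut on the
# taskbar and desktops with its Target, Arguments, Start in and Run setting.
# Assumption: default per-user taskbar pin folder and standard desktop folders.
$expectedTarget = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'

$folders = @(
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'),
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory')
)

# WindowStyle values stored in a .lnk file (the "Run" drop-down in Properties)
$runLabels = @{ 1 = 'Normal window'; 3 = 'Maximized'; 7 = 'Minimized' }

$shell = New-Object -ComObject WScript.Shell

$report = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }

    Get-ChildItem -LiteralPath $folder -Filter '*.lnk' -File | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)

        # Skip shortcuts that do not launch chrome.exe
        if ($lnk.TargetPath -notlike '*\chrome.exe') { return }

        [pscustomobject]@{
            Shortcut      = $_.FullName
            Target        = $lnk.TargetPath
            Arguments     = $lnk.Arguments          # normally empty for a plain Chrome shortcut
            StartIn       = $lnk.WorkingDirectory
            Run           = $runLabels[[int]$lnk.WindowStyle]
            TargetMatches = ($lnk.TargetPath -ieq $expectedTarget)
            TargetExists  = (Test-Path -LiteralPath $lnk.TargetPath)
        }
    }
}

if ($report) {
    $report | Format-List
} else {
    'No Chrome shortcuts found in the searched folders.'
}
```

A shortcut whose Target does not match, whose target file is missing, or which carries unexpected Arguments is the one to look at first.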
jacobi Posted February 3, 2017

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" under target
"C:\Program Files (x86)\Google\Chrome\Application" under start
I believe run as admin works
KenB Posted February 3, 2017

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" under target
"C:\Program Files (x86)\Google\Chrome\Application" under start

These are correct.
At least "Run as Admin" is a workaround for the moment.
Please do as Starbuck asks in post #7.
jacobi Posted February 4, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29

I've been having trouble sending my scan. I thought I sent it a couple of times but it didn't go. Sent this 1st part now with advanced I thought. Should I use quick reply? If this works I'll send the last half of the scan.
ExTS Admin Starbuck Posted February 4, 2017

Hi jacobi,
It may be because the reports are too large for one post.
Either split them over a couple of posts or add them as attachments.
After clicking on Reply to thread, you'll need to click on the Go Advanced button to be able to add attachments.
jacobi Posted February 4, 2017

chrome don't work

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29
jacobi Posted February 4, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin HKU\S-1-5-21-1299748725-2840673240-3181589748-1001: @tools.google.com/Google Update;version=3 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1299748725-2840673240-3181589748-1001: @tools.google.com/Google Update;version=9 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default [2017-02-02] CHR Extension: (Google Slides) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-06] CHR Extension: (Google Docs) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-06] CHR Extension: (Google Drive) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-28] CHR Extension: (YouTube) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-28] CHR Extension: (Google Sheets) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-06] CHR Extension: (Google Docs Offline) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-06] CHR Extension: (FromDocToPDF) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchmmhlbahnilgeflhdciiobdnmjgiag [2016-09-17] CHR Extension: (Website Logon) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2016-11-06] CHR Extension: (Chrome Web Store Payments) - 
C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21] CHR Extension: (Gmail) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-28] CHR Extension: (Chrome Media Router) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-26] CHR Profile: C:\Users\johnson\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-03] CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-27] (AVG Technologies CZ, s.r.o.) R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-27] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1255272 2017-01-09] (AVG Technologies CZ, s.r.o.) R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC Drivers HeadQuarters LP) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) 
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-11-12] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [165624 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [311592 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336920 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-01-27] (AVG Technologies CZ, s.r.o.) S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-01-27] (AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [127072 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [101624 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [75664 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [992488 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [555152 2017-01-27] (AVG Technologies CZ, s.r.o.) 
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [163512 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [311472 2017-01-27] (AVG Technologies CZ, s.r.o.) R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2016-08-28] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved Quote
jacobi Posted February 4, 2017 Author Posted February 4, 2017
Chrome doesn't work.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017 Ran by johnson (administrator) on JOHNSON-HP (02-02-2017 18:09:20) Running from C:\Users\johnson\Desktop Loaded Profiles: johnson (Available Profiles: johnson & norman) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe (HP Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (PC Drivers Headquarters LP) C:\Program Files (x86)\Driver Support\DriverSupport.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAOsvc.exe (PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAO.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) 
C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\WindowsApps\11361JustinChase.Clipboard_1.6.0.18_neutral__aahkhnxzpwnc4\Clipboard.exe (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-01-09] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9523496 2017-01-27] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\Run: [Google Update] => C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-02-02] (Google Inc.) 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{fd14d3f5-d522-41a4-b3a1-b81b8aaf5e44}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {6B1C1C7C-C622-41F0-A32A-55162A248E22} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: 
HKLM-x32 -> {6B1C1C7C-C622-41F0-A32A-55162A248E22} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> {6B1C1C7C-C622-41F0-A32A-55162A248E22} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 
2011\x64\IEBHO.dll [2011-06-09] (HP) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-28] (Google Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-28] (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-28] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-28] (Google Inc.) 
Toolbar: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FireFox: ======== FF DefaultProfile: 51bsi5gn.default FF ProfilePath: C:\Users\johnson\AppData\Roaming\Mozilla\Firefox\Profiles\51bsi5gn.default [2017-02-02] FF Extension: (Search for Fire Fox) - C:\Users\johnson\AppData\Roaming\Mozilla\Firefox\Profiles\51bsi5gn.default\Extensions\{58f9a1bb-0635-4b79-bb41-166c3e810329}.xpi [2017-01-26] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-11-06] [not signed] FF HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin HKU\S-1-5-21-1299748725-2840673240-3181589748-1001: @tools.google.com/Google Update;version=3 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1299748725-2840673240-3181589748-1001: @tools.google.com/Google Update;version=9 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default [2017-02-02] CHR Extension: (Google Slides) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-06] CHR Extension: (Google Docs) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-06] CHR Extension: (Google Drive) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-28] CHR Extension: (YouTube) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-28] CHR Extension: (Google Sheets) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-06] CHR Extension: (Google Docs Offline) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-06] CHR Extension: (FromDocToPDF) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchmmhlbahnilgeflhdciiobdnmjgiag [2016-09-17] CHR Extension: (Website Logon) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2016-11-06] CHR Extension: (Chrome Web Store Payments) - 
C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21] CHR Extension: (Gmail) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-28] CHR Extension: (Chrome Media Router) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-26] CHR Profile: C:\Users\johnson\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-03] CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-27] (AVG Technologies CZ, s.r.o.) R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-27] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1255272 2017-01-09] (AVG Technologies CZ, s.r.o.) R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC Drivers HeadQuarters LP) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) 
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-11-12] (Microsoft Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [165624 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [311592 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336920 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-01-27] (AVG Technologies CZ, s.r.o.) S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-01-27] (AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [127072 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [101624 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [75664 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [992488 2017-01-27] (AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [555152 2017-01-27] (AVG Technologies CZ, s.r.o.) 
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [163512 2017-01-27] (AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [311472 2017-01-27] (AVG Technologies CZ, s.r.o.) R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2016-08-28] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved Quote
ExTS Admin Starbuck Posted February 4, 2017 ExTS Admin Posted February 4, 2017 Hi jacobi, Could you also post the addition.txt? There will be a copy of this on your Desktop. I need to double check a few things and the addition.txt will have the info I need. Thanks Quote Member of:UNITE
jacobi Posted February 5, 2017 Author Posted February 5, 2017
[quote]Hi jacobi, Could you also post the addition.txt There will be a copy of this on your Desktop. I need to double check a few things and the addition.txt will have the info I need. Thanks[/quote]
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by johnson (02-02-2017 18:11:01) Running from C:\Users\johnson\Desktop Windows 10 Home Version 1607 (X64) (2017-01-06 15:59:29) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1299748725-2840673240-3181589748-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1299748725-2840673240-3181589748-503 - Limited - Disabled) Guest (S-1-5-21-1299748725-2840673240-3181589748-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1299748725-2840673240-3181589748-1002 - Limited - Enabled) johnson (S-1-5-21-1299748725-2840673240-3181589748-1001 - Administrator - Enabled) => C:\Users\johnson norman (S-1-5-21-1299748725-2840673240-3181589748-1004 - Limited - Enabled) => C:\Users\norman ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden AVG (HKLM\...\AvgZen) (Version: 1.126.2.56387 - AVG Technologies) AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.1.3006 - AVG Technologies) AVG Zen (Version: 1.126.7 - AVG Technologies) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version: - Canon Inc.) 
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.37 - PC Drivers HeadQuarters LP) <==== ATTENTION Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden FMW 1 (Version: 1.152.5 - AVG Technologies) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Chrome Canary (HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\Google Chrome SxS) (Version: 58.0.3000.0 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company) HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.50.9 - HP Inc.) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.5.32.203 - HP Inc.) 
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) 
Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden VIP Access SDK (1.0.1.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.) 
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB (04/11/2016 1.0.145.40103) (HKLM\...\7DBA26E9A80D98472F1CF95A0767EB4949C8885D) (Version: 04/11/2016 1.0.145.40103 - Alcor Micro, Corp.) Windows Driver Package - INTEL System (08/17/2016 10.1.1.35) (HKLM\...\451728D2C184D2660B74B647371687CAE06458A6) (Version: 08/17/2016 10.1.1.35 - INTEL) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) =============
jacobi Posted February 5, 2017 Author
chrome don't work
in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02294D0B-7700-48E0-B608-47C6F972F368} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1299748725-2840673240-3181589748-1001UA => C:\Users\johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-02] (Google Inc.) Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {100106ED-7309-4442-9A51-7B981E818C7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.) Task: {16148B58-7BE7-40A9-9301-F4316CA0586E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {1DBE1DA8-EC4D-43A8-9211-7A79ADAD6EB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {2C7382A3-B92A-42F8-9B47-17343C731095} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) 
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {3BA58CD2-6D3D-4691-B39F-A8A256308857} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated) Task: {44050269-0D2D-4143-A83A-BBB00844F8E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {487439A5-8857-4FAF-9176-1319ED8B7CDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) 
Task: {4D0B003D-84DF-41CB-B93E-AFFA3BE19081} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-01-12] (PC Drivers Headquarters LP) Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {60FDD1C0-3CB4-43EC-9585-EF06480EF0EE} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-01-12] (PC Drivers Headquarters LP) Task: {629D44A3-0E4C-41DE-B7A4-319A4230C94C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-01-27] (AVG Technologies CZ, s.r.o.) Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7653EF50-8645-4345-90D9-8F0370DD4E61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) 
Task: {7C08363C-3BE1-497D-8E46-535B389248BE} - \DriverUpdate Plus Autostart -> No File <==== ATTENTION Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B37F7684-87C2-4FCE-8C4D-D8B2743C2C3B} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-01-12] (PC Drivers Headquarters LP) Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BE689D5B-151D-45B7-A75A-6A0EEDF5EF24} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-01-12] (PC Drivers Headquarters LP) Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C4441B81-D463-4334-8DDB-1B8A21A73015} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink) Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CB49B405-8F58-47A1-94EA-456AD3BA1F3C} - 
System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.) Task: {CCC8BAFB-1D8E-47BC-907B-2389BE8FDB55} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {CCE5B268-A298-41E1-BA53-F4D66D7502F0} - \DriverAssist.AutoScheduledFirstWeek -> No File <==== ATTENTION Task: {EC84A4E7-8BD0-4933-93A1-3B310E9FA9E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) Task: {ECFBE5E3-A68A-4F64-B21F-F9CD2D4ED7C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1299748725-2840673240-3181589748-1001Core => C:\Users\johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-02] (Google Inc.) Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F0347D40-49C4-46F6-AFB5-FE3AEBBE61A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F69D18AD-122F-4E94-A268-6B205067FE5F} - \DriverUpdate Startup.job -> No File <==== ATTENTION Task: {FE359D52-B96F-4580-9929-3CFDC7A49C65} - System32\Tasks\HPCeeScheduleForjohnson => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForjohnson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-01-06 07:21 - 2017-01-06 07:21 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-01-06 07:21 - 2017-01-06 07:21 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-01-06 07:21 - 2017-01-06 07:21 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2017-01-06 07:21 - 2017-01-06 07:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-12 16:00 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-22 17:11 - 2017-01-22 17:16 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-01-22 17:11 - 2017-01-22 17:16 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-01-22 17:11 - 2017-01-22 17:16 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-01-06 11:06 - 2017-01-06 11:12 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll 2016-08-24 22:19 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2017-01-12 15:59 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-02-02 10:54 - 2017-02-02 04:47 - 02927448 _____ () C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\58.0.3000.0\libglesv2.dll 
2017-02-02 10:54 - 2017-02-02 04:47 - 00099672 _____ () C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\58.0.3000.0\libegl.dll 2017-02-02 13:02 - 2017-02-02 13:02 - 00051200 _____ () C:\Program Files\WindowsApps\11361JustinChase.Clipboard_1.6.0.18_neutral__aahkhnxzpwnc4\Clipboard.exe 2017-01-12 15:59 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-12 15:59 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-12 15:59 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-12 15:59 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-12 15:59 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-01-27 10:44 - 2016-06-23 13:07 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll 2017-01-27 10:46 - 2017-01-27 10:46 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll 2017-01-27 10:46 - 2017-01-27 10:46 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll 2017-01-27 10:46 - 2017-01-27 10:46 - 00656040 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\driversupport.com -> hxxp://apps.driversupport.com IE trusted site: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\driversupport.com -> hxxps://apps.driversupport.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{A81BE6D1-9FC2-49D4-ABEF-E7CA78D547DE}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{2FD0A9CE-980E-4661-ADC0-D07973EAD8A7}] => C:\Program Files (x86)\Hp\Digital Imaging\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}\setup\hpznui40.exe FirewallRules: [{D2D1B519-5DBD-4F8B-8CA5-62BD55E299F6}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{2426393F-F255-46CD-9EC8-CF3A8A57618E}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{5DAE54BF-4AA2-4FF1-8893-10CB1A807D8B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{096C0F49-F393-47C5-BC9C-1815C2EEFF17}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{6C078DC6-5AF6-41E6-B9B4-BE32C8150DF4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{322150F3-C1FA-42AA-BDA8-64BFB51158DD}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{03E99B30-302D-4F03-8B48-576566D9EB0E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{944C7E56-CD3A-4529-9F47-E56DD16711C3}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{F77EB284-377B-4320-9818-4C40FAD133A6}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{46D98D2B-4A66-4544-BB38-DB0E4FCEB86B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{D5E943A3-4A55-40C5-9A48-0047AFFAAC89}] => C:\Program Files (x86)\HP\Digital 
==================== End of Addition.txt ============================
ExTS Admin Starbuck Posted February 5, 2017
Hi jacobi,
I'm becoming confused here now. You seem to be concentrating on Chrome .... when it's not your default browser:
Internet Explorer Version 11 (Default browser: Edge)
or is Edge now the default because there's problems with Chrome.
I thought these processes looked odd....
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
These are not from the normal Google Chrome. These are from Chrome Canary.
This is a normal Chrome process:
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
So why have both installed:
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\Google Chrome SxS) (Version: 58.0.3000.0 - Google Inc.)
You do realise that Canary is a nightly build...... meaning that it's updated every night.
Google Chrome Canary is the nightly build of the browser, which means that just like Windows 10, it's an early version of the application and could come with a number of bugs and issues too.
Because of those processes showing... it means that Canary is running and not the normal Chrome.
Step 1
Recommendation.
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.37 - PC Drivers HeadQuarters LP) <==== ATTENTION
FRST has flagged this because these types of programs are not recommended. Reg cleaners/optimizers etc can cause more problems than they cure. I recommend that you uninstall this program.
I really advise that you uninstall Google Chrome Canary.
Unless you are used to running and testing beta software I'd stay away from it.
Step 2
Nothing serious showing in the reports.... just a little cleaning to do.
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.
In your next reply, please submit: Fixlog.txt, and confirm whether those programs were removed or not.
If Chrome still doesn't open normally, we'll look into there being a restriction set in the registry.
Thanks.
fixlist.txt
Member of: UNITE
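The path-based distinction drawn in the post above (a `Chrome SxS` directory means Canary, `Google\Chrome` means the normal build) can be applied mechanically to the process lines of an FRST log. This is an added example, not part of the original thread or of FRST; the function names are hypothetical, the first three sample lines use the paths quoted in the thread, and the last two are constructed.

```python
import re
from collections import Counter

# Sample input: the two Chrome paths are the ones quoted in the thread;
# the svchost.exe and Temp\chrome.exe lines are constructed for illustration.
SAMPLE_PROCESSES = r"""
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\johnson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Users\johnson\AppData\Local\Temp\chrome.exe
"""

# "(Company) X:\path\to\file.exe", the shape of the process lines quoted above.
PROCESS_LINE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")

# Directory directly under ...\Google\ that identifies the build, per the thread.
CHANNEL_DIRS = {"chrome": "stable", "chrome sxs": "canary"}


def classify_chrome(path):
    """Return (channel, scope) for a chrome.exe path, or None for other binaries."""
    parts = path.lower().split("\\")
    if parts[-1] != "chrome.exe":
        return None
    if "appdata" in parts:
        scope = "per-user"
    elif len(parts) > 1 and parts[1].startswith("program files"):
        scope = "machine-wide"
    else:
        scope = "other"
    # Expected layout: ...\Google\<product>\Application\chrome.exe
    if len(parts) >= 4 and parts[-2] == "application" and parts[-4] == "google":
        return CHANNEL_DIRS.get(parts[-3], "unknown"), scope
    # A chrome.exe outside a Google install directory deserves a closer look.
    return "unexpected-location", scope


def summarize(log_text):
    """Count running chrome.exe processes by (channel, scope)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = PROCESS_LINE.match(line.strip())
        if not match:
            continue
        verdict = classify_chrome(match.group("path"))
        if verdict is not None:
            counts[verdict] += 1
    return counts


if __name__ == "__main__":
    for (channel, scope), n in sorted(summarize(SAMPLE_PROCESSES).items()):
        print(f"{n} x chrome.exe: {channel} ({scope})")
```
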
jacobi (Author) Posted February 6, 2017
I have Microsoft Edge for my default browser but that also quit working just like Google Chrome did. But it's working again now. When Google Chrome quit working I downloaded Chrome Canary and it worked OK.
On my Google Chrome icon on my desktop a smaller version of the Malwarebytes icon is impressed on the Google Chrome desktop icon. How does that happen? When I get time I'll try that fix. That small Malwarebytes icon is also on the FRST64.exe.
jacobi (Author) Posted February 6, 2017
When I click on Fix I get this. Not sure what to do.
No fixlist found
The fixlist.txt should be in the same folder/directory the tool is located
ExTS Admin Starbuck Posted February 6, 2017
"The fixlist.txt should be in the same folder/directory the tool is located"
Yes, that is very true. Take a look at the 'Header' information:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by johnson (administrator) on JOHNSON-HP (02-02-2017 18:09:20)
Running from C:\Users\johnson\Desktop
Loaded Profiles: johnson (Available Profiles: johnson & norman)
So as long as the fixlist is saved to C:\Users\johnson\Desktop and you use the johnson profile, the fix will work.
For example.... when both are on the Desktop:
http://i.imgur.com/ohqQ6Xi.png
The fixlist attachment in my previous post is showing 0 views.... did you download it correctly?
"On my google chrome icon on my desktop a smaller version of malwarebyts icon is impressed on the google chrome desktop icon. How does that happen? When I get time I'll try that fix. That small malwarebytes icon is also on the Fist64.exe."
Ok, uninstall MalwareBytes for now. Something odd going on there.
Edited February 6, 2017 by Starbuck
Member of: UNITE
jacobi (Author) Posted February 6, 2017
I only have first 64 on desktop icon where you show fixit on there too. When I right click on the icon I got on the desktop I get the Fix to click on but I got the message: Don't have a fixlog.
I took out megabytes and still same thing.
ExTS Admin Starbuck Posted February 6, 2017
Hi jacobi
"I took out megabytes and still same thing"
I've been thinking about this. Is this the icon you see:
http://i.imgur.com/6JNo13o.png
If so, this is nothing to do with MalwareBytes. That yellow/blue shield just tells you that the program needs to be run with Admin privileges. It's just a part of Win10..... nothing to worry about at all.
"I only have first 64 on desktop icon where you show fixit on there to. when I r click on the icon I got on the desktop I get the fix to click on but I gort the message Don't have a fixlog"
Ok, let's run through this in an easy way.
Go back to post#19.
Scroll to the bottom of the post.
Click on the fixlist.
In the window that appears, change the option to Save File. Then click OK.
http://i.imgur.com/XFDiRd7.png
If by any chance the fixlist isn't downloaded to your Desktop ..... it'll be in the Download folder. But if FRST downloaded to the Desktop, then the fixlist should as well.
If it is in the Download folder, it'll need to be moved to the Desktop.
Go to the Download folder.
Right click on the fixlist.txt ..... keep holding the right click down and drag the file to the Desktop. (anywhere on the Desktop is fine)
http://i.imgur.com/ItebUD6.png
Now when you release the right click another menu will appear.... click Move Here.
http://i.imgur.com/hALngmF.png
The fixlist.txt will now be on the Desktop.
Once you have FRST and the fixlist.txt on the Desktop, click on FRST to start it. When it opens just click on the Fix button.
http://i.imgur.com/8KsuIJN.png
Member of: UNITE
jacobi (Author) Posted February 7, 2017
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Toolbar: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR Extension: (Website Logon) - C:\Users\johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2016-11-06]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2017-01-29 10:22 - 2017-01-29 10:22 - 0006144 _____ () C:\Users\johnson\AppData\Local\Temp\-j61psnc.dll
2017-01-26 10:01 - 2017-01-26 10:02 - 6187064 _____ (PC Drivers HeadQuarters LP) C:\Users\johnson\AppData\Local\Temp\DriverSupport.exe
2017-02-02 10:06 - 2017-02-02 10:06 - 0094208 _____ () C:\Users\johnson\AppData\Local\Temp\fjy9bice.dll
2017-02-02 10:06 - 2017-02-02 10:06 - 0006144 _____ () C:\Users\johnson\AppData\Local\Temp\iid-exne.dll
2017-01-28 10:13 - 2017-01-28 10:13 - 0010752 _____ () C:\Users\johnson\AppData\Local\Temp\vim9tu59.dll
CustomCLSID: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\johnson\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
Task: {7C08363C-3BE1-497D-8E46-535B389248BE} - \DriverUpdate Plus Autostart -> No File <==== ATTENTION
Task: {CCE5B268-A298-41E1-BA53-F4D66D7502F0} - \DriverAssist.AutoScheduledFirstWeek -> No File <==== ATTENTION
Task: {F69D18AD-122F-4E94-A268-6B205067FE5F} - \DriverUpdate Startup.job -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
IE trusted site: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1299748725-2840673240-3181589748-1001\...\driversupport.com -> hxxps://apps.driversupport.com
CMD: ipconfig /flushdns
Hosts:
EmptyTemp: