Got a virus infection that crowded my computer screen



#1
lopez66

lopez66

    Member

  • Member
  • PipPip
  • 48 posts

I was downloading a wifi password crack and got a lot of programs and pop-ups all over my computer. Microsoft Windows Essential popped out and some blue screens with it, but I could not see it without bringing my pointer to the task bar. I called the number displayed on the MWE and talked to someone. Somehow the connection was lost, and when he called me back, the phone was a restricted number. He walked me through some steps so that I could get my computer to start in safe mode, but then I needed to leave the place where I was able to connect to the internet. He was able to do some checks and told me he was seeing a code red virus. I called Microsoft, but they wouldn't help without paying. I did uninstall some programs I saw in the computer that were downloaded yesterday, but some did not want to be uninstalled. FixPCOptimizer and Zap Care pro gave an error saying that Windows uninstaller could not be found; the Browser Air icon was showing after uninstall, but disappeared after; Geek dady, search module, windo weather and sunnyday were uninstalled; and Sound+ sent me to the internet, but I was not connected, and after I closed the browser it disappeared from the programs list. I still did not know how to proceed to get my laptop cleaned, but luckily I found you guys. I started as requested and found the following.

 

I ran the Farbar tool as requested in the post and I can see the two text files on my computer screen. Your help would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Ron Lopez (administrator) on RONLOPEZ-PC (21-01-2016 12:32:14)
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sun9] => [X]
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Sound+\idscservice.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Google Update] => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BingSvc] => C:\Users\Ron Lopez\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Windv] => C:\ProgramData\DataFile\Windv.exe [283648 2016-01-20] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\RunOnce: [Uninstall C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FixPCOptimizer.exe.lnk [2016-01-20]
ShortcutTarget: FixPCOptimizer.exe.lnk -> C:\Windows\Installer\{A12BC961-A17E-4400-89E3-7939E082D827}\NewShortcut1_96BFA420FFA5411D9D742048D45EC0E2.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{5b419b50-bd46-404a-9921-a6a648aa8844}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [NameServer] 82.163.143.165,82.163.142.167
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 65.32.1.70 65.32.1.65

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ie
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-714211835-398583104-3702693888-1000 -> {C880509E-753B-4A7C-9E2C-3F88E996D58B} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-08] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
FF DefaultSearchEngine: Search Module
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ron Lopez\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF SearchPlugin: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\searchplugins\smod.xml [2016-01-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\extensions\[email protected] [2015-12-01]
FF Extension: Ghostery - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2016-01-01]
FF Extension: Self-Destructing Cookies - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2015-12-11]
FF Extension: Adblock Plus - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5 [2016-01-20] [not signed]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-01-29]
CHR Extension: (YouTube) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Bing) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-01-20]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2013-03-31]
CHR Extension: (Google Search) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl [2013-03-31]
CHR Extension: (Search Module Plus v2) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2016-01-20]
CHR Extension: (KIDO'Z TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc [2014-01-29]
CHR Extension: (Gmail) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-21 12:32 - 2016-01-21 12:32 - 00022890 _____ C:\Users\Ron Lopez\Desktop\FRST.txt
2016-01-21 12:31 - 2016-01-21 12:32 - 00000000 ____D C:\FRST
2016-01-21 12:30 - 2016-01-21 10:38 - 02370560 _____ (Farbar) C:\Users\Ron Lopez\Desktop\FRST64.exe
2016-01-21 11:17 - 2016-01-21 11:17 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-20 17:29 - 2016-01-20 17:29 - 00000101 _____ C:\Users\Ron Lopez\Desktop\MS.txt
2016-01-20 17:05 - 2016-01-20 17:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-20 17:05 - 2016-01-20 17:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Citrix
2016-01-20 16:49 - 2016-01-21 12:31 - 00165782 _____ C:\WINDOWS\ntbtlog.txt
2016-01-20 15:48 - 2016-01-20 15:48 - 00000036 _____ C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2016-01-20 15:48 - 2016-01-20 15:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-20 15:48 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-01-20 15:41 - 2016-01-21 10:57 - 00000000 ____D C:\Program Files\COMODO
2016-01-20 15:41 - 2016-01-20 15:42 - 00000000 ____D C:\ProgramData\COMODO
2016-01-20 15:41 - 2016-01-20 15:41 - 00003534 _____ C:\WINDOWS\System32\Tasks\ZapCarePro_Popup
2016-01-20 15:41 - 2016-01-20 15:41 - 00003312 _____ C:\WINDOWS\System32\Tasks\ZapCarePro_Start
2016-01-20 15:40 - 2016-01-20 16:41 - 00000000 ____D C:\Users\Ron Lopez\Documents\ZapCarePro
2016-01-20 15:40 - 2016-01-20 15:40 - 00001055 _____ C:\Users\Public\Desktop\Zap Care Pro.lnk
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Arieana LLC
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Arieana_LLC
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zap Care Pro
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Program Files (x86)\Zap Care Pro
2016-01-20 15:39 - 2016-01-20 16:44 - 00000490 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job
2016-01-20 15:39 - 2016-01-20 15:49 - 00000000 ____D C:\ProgramData\DataFile
2016-01-20 15:39 - 2016-01-20 15:39 - 00003730 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000
2016-01-20 15:39 - 2016-01-20 15:39 - 00003612 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000
2016-01-20 15:39 - 2016-01-20 15:39 - 00002631 _____ C:\Users\Public\Desktop\FixPCOptimizer.exe.lnk
2016-01-20 15:39 - 2016-01-20 15:39 - 00000524 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wix pc optimizer
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files (x86)\WinPCOptimizer
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files (x86)\execnowait
2016-01-20 15:38 - 2016-01-21 10:55 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2016-01-20 15:38 - 2016-01-20 16:36 - 00002622 _____ C:\Users\Ron Lopez\Desktop\BrowserAir.lnk
2016-01-20 15:38 - 2016-01-20 15:38 - 00003970 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2016-01-20 15:38 - 2016-01-20 15:38 - 00003738 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2016-01-20 15:38 - 2016-01-20 15:38 - 00003666 _____ C:\WINDOWS\System32\Tasks\IBUpd
2016-01-20 15:38 - 2016-01-20 15:38 - 00003412 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-01-20 15:38 - 2016-01-20 15:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-01-20 15:37 - 2016-01-21 10:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\BrowserAir
2016-01-20 15:37 - 2016-01-20 16:35 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-01-20 15:37 - 2016-01-20 15:38 - 00002155 _____ C:\Users\Ron Lopez\Desktop\Hotmail.lnk
2016-01-20 15:37 - 2016-01-20 15:37 - 00003522 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-20 15:36 - 2016-01-21 11:52 - 00000000 ____D C:\Program Files\Sound+
2016-01-20 15:36 - 2016-01-20 15:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-01-20 15:36 - 2016-01-20 15:36 - 00026420 _____ C:\WINDOWS\System32\Tasks\DNSLAFAYETTE
2016-01-20 15:36 - 2016-01-20 15:36 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-01-20 15:35 - 2016-01-20 16:36 - 00001661 _____ C:\Users\Ron Lopez\Desktop\Continue installation .lnk
2016-01-20 15:33 - 2016-01-20 15:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:31 - 2016-01-20 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-01-20 05:35 - 2016-01-20 15:30 - 00000000 ___RD C:\Users\Ron Lopez\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
2016-01-20 05:22 - 2016-01-20 05:22 - 01076068 _____ C:\Users\Ron Lopez\Downloads\Wifi Password Hacker v5 Download Full version For pc__13150_i1827824625_il6253.rar
2016-01-16 20:21 - 2016-01-16 20:21 - 00115424 ____T C:\Users\Ron Lopez\Desktop\House rental search expenses visa.pdf
2016-01-13 23:13 - 2016-01-13 23:15 - 00034304 _____ C:\Users\Ron Lopez\Desktop\CEM-S Expense report Template.xls
2016-01-13 21:16 - 2016-01-13 21:16 - 08416278 _____ C:\Users\Ron Lopez\Desktop\R. Lopez lease 1.13.160001.pdf
2016-01-13 09:57 - 2016-01-13 09:58 - 00000000 ____D C:\Users\Ron Lopez\Documents\Safety At Work Videos
2016-01-12 15:00 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 15:00 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 14:59 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 14:59 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 14:59 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 14:59 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 14:59 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 14:59 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 14:59 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 14:59 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 14:59 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 14:59 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 09:17 - 2016-01-12 09:18 - 00000000 ____D C:\Users\Ron Lopez\Documents\CEM Solutions Trainning info
2016-01-11 14:34 - 2016-01-11 14:34 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-11 12:48 - 2016-01-11 12:48 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinBatch
2016-01-11 12:25 - 2016-01-11 12:25 - 00280316 _____ C:\WINDOWS\Minidump\011116-38187-01.dmp
2016-01-10 13:57 - 2016-01-10 13:57 - 00653083 _____ C:\Users\Ron Lopez\Downloads\i-130.pdf
2016-01-10 10:37 - 2016-01-10 16:15 - 00000000 ____D C:\Users\Ron Lopez\Downloads\US Travel History 2012 to 2016
2016-01-09 14:35 - 2016-01-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-09 10:16 - 2016-01-09 10:17 - 00000000 ____D C:\Users\Ron Lopez\Documents\Casio Pathfinder
2016-01-09 10:15 - 2016-01-09 10:15 - 00048017 _____ C:\Users\Ron Lopez\Desktop\Honda US EPA & DOT Complience Letter.pdf
2015-12-23 22:20 - 2016-01-11 12:25 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-23 22:20 - 2015-12-23 22:22 - 00280308 _____ C:\WINDOWS\Minidump\122315-21812-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-21 12:31 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-21 12:30 - 2015-12-10 01:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-21 12:30 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-21 10:56 - 2013-07-10 22:26 - 00001970 _____ C:\WINDOWS\wininit.ini
2016-01-20 17:00 - 2012-12-02 23:15 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\ElevatedDiagnostics
2016-01-20 16:49 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-20 16:44 - 2015-12-10 02:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-20 16:43 - 2015-07-31 22:58 - 00000000 ___RD C:\Users\Ron Lopez\OneDrive
2016-01-20 16:42 - 2015-11-29 21:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-01-20 16:37 - 2012-09-27 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-20 16:36 - 2015-11-29 21:05 - 00002264 _____ C:\Users\Ron Lopez\Desktop\HP Photo Creations.lnk
2016-01-20 16:35 - 2012-09-08 21:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-20 15:58 - 2012-10-26 22:55 - 00000000 ____D C:\ProgramData\TEMP
2016-01-20 15:50 - 2012-09-08 21:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-20 15:47 - 2015-07-31 22:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-20 15:38 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
2016-01-20 15:36 - 2013-03-31 23:52 - 00001356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-20 15:33 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-20 15:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-20 15:33 - 2015-07-31 22:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
2016-01-20 15:12 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Compressed
2016-01-20 14:46 - 2015-11-29 21:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
2016-01-20 05:24 - 2015-11-29 01:24 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job
2016-01-20 05:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-19 22:38 - 2012-09-12 12:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
2016-01-18 22:31 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
2016-01-14 21:22 - 2012-09-08 22:12 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Skype
2016-01-13 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 12:26 - 2015-02-03 21:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
2016-01-13 10:47 - 2015-11-07 21:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 10:47 - 2014-12-23 20:07 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 10:43 - 2011-04-25 14:54 - 00000000 ____D C:\Users\Ron Lopez\Documents\2011 Mortgage Renewal Forms
2016-01-13 10:41 - 2012-11-19 01:11 - 00000000 ___RD C:\Users\Ron Lopez\Documents\Documents (3)
2016-01-13 10:41 - 2012-11-19 01:08 - 00000000 ___RD C:\Users\Ron Lopez\Documents\My Documents1
2016-01-13 10:19 - 2015-05-24 16:53 - 00000000 ____D C:\Users\Ron Lopez\Documents\Cell Phone info
2016-01-13 09:47 - 2013-11-02 18:29 - 00000000 ____D C:\Users\Ron Lopez\Documents\2013 Callsellect
2016-01-12 16:48 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 16:47 - 2013-08-17 07:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 16:42 - 2012-09-27 20:30 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-11 19:02 - 2015-09-06 16:24 - 00000000 ____D C:\Users\Ron Lopez\Documents\Bills 2015
2016-01-11 14:34 - 2015-12-10 01:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-11 12:49 - 2012-05-08 14:10 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-01-11 12:30 - 2015-12-10 01:53 - 00000000 ____D C:\Users\Ron Lopez
2016-01-11 12:24 - 2015-07-19 21:53 - 648511574 _____ C:\WINDOWS\MEMORY.DMP
2016-01-10 11:54 - 2013-03-31 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-10 09:38 - 2014-08-23 18:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Adobe
2016-01-10 09:37 - 2012-09-27 19:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-09 14:35 - 2015-03-08 17:35 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Skype
2016-01-09 14:35 - 2015-03-08 17:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-09 14:35 - 2012-05-08 14:40 - 00000000 ____D C:\ProgramData\Skype
2016-01-06 22:02 - 2015-11-24 20:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-01-20 15:48 - 2016-01-20 15:48 - 0000036 _____ () C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2012-09-27 19:10 - 2015-12-15 13:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Ron Lopez\AppData\Local\Temp\brastub_amobl_inst.exe
C:\Users\Ron Lopez\AppData\Local\Temp\FreeYouTubeDownloader.exe
C:\Users\Ron Lopez\AppData\Local\Temp\hib9C5B.exe
C:\Users\Ron Lopez\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ron Lopez\AppData\Local\Temp\UK3YBBS8O4.exe
C:\Users\Ron Lopez\AppData\Local\Temp\Uninstall.exe
C:\Users\Ron Lopez\AppData\Local\Temp\Wifi Password Hacker v5 Download Full version For pc__13150_i1827824625_il6253.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-12 09:01

==================== End of FRST.txt ============================


Edited by lopez66, 21 January 2016 - 12:11 PM.



#2
RKinner

    Malware Expert


Copy and paste your FRST.txt and Addition.txt files into separate replies. That's easier than trying to attach them, plus it makes them easier to work with.



#3
lopez66

    Member


Copy and paste your FRST.txt and Addition.txt files into separate replies. That's easier than trying to attach them, plus it makes them easier to work with.

Thanks for your response, RKinner. The first FRST text file is in my first request; I didn't add the additional text. The additional text file info is in this reply. Thanks again.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Ron Lopez (2016-01-21 12:33:07)
Running from C:\Users\Ron Lopez\Desktop
Windows 10 Home (X64) (2015-12-10 07:22:36)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-714211835-398583104-3702693888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-714211835-398583104-3702693888-503 - Limited - Disabled)
Guest (S-1-5-21-714211835-398583104-3702693888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-714211835-398583104-3702693888-1004 - Limited - Enabled)
Ron Lopez (S-1-5-21-714211835-398583104-3702693888-1000 - Administrator - Enabled) => C:\Users\Ron Lopez

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
A1Click Ultra PC Cleaner 1.01 (Registered Version) (HKLM-x32\...\A1Click Ultra PC Cleaner (Registered Version)_is1) (Version:  - Super Win Software, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version:  - Dell, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
FixPCOptimizer (HKLM-x32\...\{A12BC961-A17E-4400-89E3-7939E082D827}) (Version: 1.00.1000 - Fix PC Optimizer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)
Zap Care Pro (HKLM-x32\...\{F96D3483-1580-480A-A04B-C659D7F180EF}) (Version: 2.9.5 - Arieana LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C2860B-0E0F-4229-B5AF-C7EC0F7C25F9} - System32\Tasks\IBUpd2 => C:\Users\Ron
Task: {082D8856-33F2-4943-AC63-0576E60DD020} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {117EE88D-2B9C-4FCD-B789-59FC2B7C9330} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {188A0DB7-2998-4E66-824C-DE7EF52064CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {188CFCC5-9913-4ADA-B558-60BA708A0E6F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {18BE8D1D-5327-4F91-B16B-271D354CA5D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1C91856B-30AB-4F1D-B55D-B31CD295D4A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {20EF7BF6-0A02-4B31-975E-2886F3FAC175} - System32\Tasks\DNSLAFAYETTE => C:\Program Files (x86)\DNS Unlocker\dnslafayette.exe [2016-01-18] ()
Task: {231D17C6-27AD-4698-AA75-F3ED98748F6A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {289164AB-EB0B-41F5-B06D-3684ACC50F20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-10] (Adobe Systems Incorporated)
Task: {315505BA-559A-4F44-A379-BD65E27BEB5D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {33EDEEEE-7972-4B2E-9BBF-FBF639AC368C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {38295757-5846-423E-BB17-4B2232DAFBB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3F3876F3-66AC-45AD-9312-F622FFADC767} - System32\Tasks\{35B5F52C-26ED-4E2C-8E60-F7C411993AC9} => pcalua.exe -a "C:\Users\Ron Lopez\Downloads\Programs\windirstat1_1_2_setup.exe" -d "C:\Users\Ron Lopez\Downloads\Programs"
Task: {49E12424-0118-49A5-BD08-CDD9F000632F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {513FC424-F0F2-41E6-93FA-416B81535F0B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {566E726A-00C5-455C-BFDF-06B9FA28D3C0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5840F276-4A45-467F-87DD-AD8E17527868} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {592AF5CA-085A-46CB-A2C6-971A5151740D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5F582E55-4F89-489F-A0FF-CC5E8B53A356} - System32\Tasks\IBUpd => C:\Users\Ron
Task: {6000AA56-F0B7-4813-AC3E-7C49CC66162F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6016E8DB-1A52-4466-99C8-D05102442BF9} - System32\Tasks\ZapCarePro_Start => C:\Program Files (x86)\Zap Care Pro\ZapCarePro.exe [2015-06-15] (Arieana LLC)
Task: {60509D4F-B370-4131-AB56-09CE3B3C5509} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {66507A0E-CDC5-48E8-B263-094513B66582} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6733E2DB-6224-40AF-A331-47CE23E95C2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6CDC4299-555F-4F68-8E0B-FD255842455C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-11-29] ()
Task: {7621C7D6-2CF9-47E5-A1D4-E07A0CC9B352} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7655B98F-5E9C-4B58-9B70-A70EB1C6E589} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {7FDD35BD-5E1B-4DDF-8209-3470696EEED7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {877222ED-D868-4904-A6BB-8FD380167338} - System32\Tasks\ZapCarePro_Popup => C:\Program Files (x86)\Zap Care Pro\Splash.exe [2015-06-15] ()
Task: {8CEB5F28-F252-4DB8-A1CB-411CD363BE0C} - System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {9112876E-824C-47AC-930F-CBE603E967C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {97C485FB-209A-45C7-8C37-85A6A7D433D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {9C8B0ED5-634C-48EB-A5B2-91AA71A2C53A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9FDC9A1A-89D5-43F1-A497-800366FEF598} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A041F8B5-1969-4F30-A4F3-74BC2A6529C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A1BCBA8C-711A-42DD-899E-F33BCE63D3FC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A3702B25-4101-4BAB-93FD-A758C0F908DA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A38E6F35-8069-4627-9480-D24288F9FBBB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A84EBF53-3DF5-43A6-8B8A-6AF9AF6C6EAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A9B114C4-935E-4B39-BD1E-11284CF8639A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {AA904EC8-6F58-4B50-8822-B260C6BE7DAE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B1EBF3A1-A27B-466C-8B89-5CF636D3119F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BA149601-5DFA-4FD3-A6FD-9B4196342EB8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BDC9240A-0E39-4BE9-B926-51AD111C6188} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BEA39325-01D4-47EC-927A-A62EEAC31FFD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C6B8C798-BDB7-48F5-A9E7-7C9862D936DA} - System32\Tasks\HPCeeScheduleForRon Lopez => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: {CC9CEDFA-E891-45B5-943F-67899450D800} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D6C6FEBE-0FF5-4EE6-80DA-0431285B9FF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DD36F0F8-DD68-4383-8EE4-086E659CD678} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E0EEC116-711C-40A0-9055-2780DA105F7A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E3282E60-F62B-46B1-B527-A762C80703FB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {E33B7302-9B6B-480D-ABD4-892445DA1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E70CCFBC-3BC6-487E-ADF7-F94BD3E2E7B5} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {EAE1F38D-68A2-446B-92EC-5D75E57A9803} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {EB6384A2-321E-42C3-A1D8-B5D836B783C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F229D88A-08DB-4520-B0F9-344DD877ECDA} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {F2DCDA2B-CB0C-4097-8442-AF0C9494F112} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F5F236A6-4B42-4ECC-941C-916679B6538F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F6D800A3-F463-4050-B1D3-12814DA55482} - System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {FA805EBD-05FA-471E-A5D7-761BD9C2F881} - System32\Tasks\RSPro => C:\Users\Ron
Task: {FF458E8B-5E82-4E0D-944F-119B55235E1C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ron Lopez\Desktop\Hotmail.lnk -> C:\Users\Ron Lopez\AppData\Local\BrowserAir\Application\BrowserAir.exe (Goobzo) -> hxxp://live.com
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,"
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-08 19:30 - 2016-01-08 19:30 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 19:17 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 19:17 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:00 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 14:59 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 14:59 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-08 19:30 - 2016-01-08 19:30 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-08 19:30 - 2016-01-08 19:30 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5ccaa-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5ccab-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d112-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d113-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d2dd-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d2de-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d3f2-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d3f3-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d445-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d446-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d546-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d547-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d58d-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d58e-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-02 16:56 - 2015-05-03 14:23 - 00001468 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   skip
127.0.0.1                   onhax.net
127.0.0.1                   www.onhax.net
127.0.0.1                   forum.onhax.net
127.0.0.1                   https://forum.onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   do2dear.net
127.0.0.1                   p30world.com
127.0.0.1                   brarstuff.com
127.0.0.1                   rsload.net
127.0.0.1                   unicrack.com
127.0.0.1                   keyscity.net
127.0.0.1                   idm-crack-patch.blogspot.in
127.0.0.1                   parth8641.blogspot.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-714211835-398583104-3702693888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dldfCATSCustConnectService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A2B08CE2-4B5E-4732-8110-39120F9EB519}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{267ECF6F-D4A5-4DA8-9BDF-ECFF29DC473E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{168E9FA8-3A69-4FBA-8021-F21C03279449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D0D2F209-C094-45FA-8208-7BB9E1D97A33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5CF38611-E7DE-4FCA-9EB0-D9B387DD324F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4044ED16-0936-4E16-92E6-980E628964B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{664F206A-0242-4B92-BE4C-E09F5E6B19C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3B0F062D-F234-4BAD-82FE-B7DEFDA923FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{016FF8A2-0AFE-4993-B947-FDB275E05379}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B4D5A6F7-2DB9-4958-B5CB-EC68A7BD1747}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9D4EEF51-589E-4E25-BF75-C2590A8B524B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8FEBEE5D-2FC0-4EA9-90A6-D3FB8EB1275D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C6C3B690-6F32-4B60-A1C9-0F17E49E7A7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B2529BEF-E237-4DE7-BDAA-E5CAF121BC4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6EE0D823-067A-4B63-A3F3-458D60D63105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{96E12954-8804-4C72-B91D-041929778827}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38EBBD24-8A79-43C4-BE48-288F8BBE247E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9C6566EF-1B73-4493-9046-BA74047A9BEF}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS0B8C\setup\hpznui40.exe
FirewallRules: [{BDB8CD46-ACB9-42FF-904C-569AE0A23B31}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS70F6\HPDiagnosticCoreUI.exe
FirewallRules: [{E5DC79A0-C805-46B9-9540-850B466F482F}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS70F6\HPDiagnosticCoreUI.exe
FirewallRules: [{A574BCF0-6CBD-4B96-AA83-4751A31F0ADA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31FA03FA-7878-44C1-9D9B-24CF61173063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5504428-2C4A-46F6-9B95-5293C24967BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2BDD3AEA-B1EB-4B26-BD27-418D80BD187D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E72577AB-FDAE-4238-84CF-619D9A443A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB7B64F-ECAC-4B63-A286-9D0A6548A232}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01404980-DAEE-40E0-A6CB-706391A9FE46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5E6106CE-0498-4F85-B8A5-E2DD36AEC3F4}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0C7A577A-0D86-4BB9-8B1E-66186175AE61}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{AE431B1C-0037-477A-AE97-6D46DA812D11}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{5916ED1F-D90C-4FE5-AC80-66313C52B522}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{6CB7D15F-37BC-4566-B677-71C7E26CBE5B}C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe] => (Block) C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe
FirewallRules: [UDP Query User{20ECB769-328B-4CD8-BC86-342120A4BD8A}C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe] => (Block) C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe
FirewallRules: [{03FED3EC-8073-4A1B-AC8F-DFF95D7C978D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AB878EC4-C257-4A3F-BFBE-D1DCF8F916D2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{F8182B73-3FA9-4231-8927-5E53B96D28F2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{0D757440-7EE9-42C0-95EC-45BC1FCE68B2}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{019FAEE0-E661-4B5D-A63A-536E355AC42D}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{3A638C66-6224-49D5-87AB-991B938A7FC6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{894C119B-D914-4D9C-A524-A5FEBBFBBB37}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{CF700503-C32C-4D57-97C6-46ED5C1538E8}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{740CA2CA-A367-4BCD-88CD-26138453F415}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{A05C5D85-F1FD-483D-A0A2-3D539C7C6225}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldfpswx.exe
FirewallRules: [{362E6EA6-00E3-4F52-A9DF-4D70DACD2D8B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldfpswx.exe
FirewallRules: [{F2D8E542-015B-45F5-B791-61431AFF8D56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{2C836EC4-B94A-4D12-BA3A-3A4D51D1CE51}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{F97C6AAD-921D-4A0C-9F39-03ACA3C0DFCB}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{57C6C3F3-4489-485B-8F85-B86E3F9444F6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{D54FD245-205A-4B12-BEB3-B0127BEEF7E6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [{93CA90CC-C4DD-4318-A5B9-4BF5EB38E42B}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [TCP Query User{6582934D-40C8-48AA-B4DB-34711760F6D2}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [UDP Query User{C93CB074-4AA8-45C0-9789-0839172FAFB3}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [{8A3C10C9-C97A-4E49-9070-983D9567FF45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{648B9738-3263-47E0-B329-004EB8BD7AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4804FBC5-4E22-4E74-9B0F-0156C94092F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2AB3EBBA-ADFA-4C72-B1E7-6918402F59A4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3CACF432-173C-42CE-81C3-8314280BE9B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5CD5ACC8-11A8-46E0-8490-F9664CA1F4F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{605A7806-16AD-47EF-9042-0ADEEA547903}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CFD84ACD-140A-4E99-8F1F-AD7CE214AA2B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{05850765-4695-4EFF-9045-48F446333050}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{61B7E7B0-4090-4186-B118-DA3562EEE447}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{63F77B3D-9B85-4B35-AC77-EF25BC219C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F7A2F823-B1EE-41DE-8CD6-C47DEDBCD226}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6DFEC436-FB5A-4896-BF7A-DCD15F4949CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5158E30A-F241-4A7D-B5B8-DED372D9D455}] => (Allow) C:\Users\Ron Lopez\AppData\Local\BrowserAir\Application\BrowserAir.exe

==================== Restore Points =========================

30-12-2015 18:39:37 Scheduled Checkpoint
06-01-2016 08:55:45 Windows Update
11-01-2016 12:23:35 Removed TOSHIBA eco Utility.

==================== Faulty Device Manager Devices =============

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 600 M601
Description: HP LaserJet 600 M601
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2016 09:24:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 09:24:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:41:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:41:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:41:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:41:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:40:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 08:40:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/21/2016 12:33:49 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084EventSystemUnavailable{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/21/2016 12:33:14 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/21/2016 12:33:08 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/21/2016 12:33:08 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/21/2016 12:33:03 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/21/2016 12:33:03 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/21/2016 12:33:03 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/21/2016 12:32:15 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/21/2016 12:32:15 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/21/2016 12:32:15 PM) (Source: DCOM) (EventID: 10005) (User: RonLopez-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2016-01-21 05:16:41.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:41.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:41.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:29.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:29.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:29.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:29.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:23.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:23.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:23.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 19%
Total physical RAM: 6091.86 MB
Available physical RAM: 4908.19 MB
Total Virtual: 12235.86 MB
Available Virtual: 11280.87 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:682.23 GB) (Free:531.7 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 57F24026)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=789 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=17)

==================== End of Addition.txt ============================



#4
RKinner

    Malware Expert

Uninstall any of these that will let you uninstall them:
 
A1Click Ultra PC Cleaner 1.01 
BabylonObjectInstaller
FixPCOptimizer 
Java™ 6 Update 20 
Skype Click to Call
Zap Care Pro (HKLM-x32
 
 

Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated; please post that. (Multiple replies are probably easier, so reply each time you get a log rather than waiting until you have all of them.)
 

 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
Download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • Uncheck "trace disk IO calls".
  • Click the "Scan" button to start the scan.
  • On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.
 
 
 
 
 
 Run FRST again, check the Addition.txt box and then Scan.  You will get two logs.  Post them both.


#5
lopez66

    Member


 


 

This is the log I got after running the FRST fix. I will run the ADW cleaner now and add the result on my next post.

 

By the way, out of the programs you asked me to uninstall, only the A1Click Ultra PC Cleaner 1.01 was uninstalled; the other ones got a message saying that there was no uninstaller working.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Ron Lopez (2016-01-22 11:25:34) Run:1
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [sun9] => [X]
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Sound+\idscservice.exe
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Windv] => C:\ProgramData\DataFile\Windv.exe [283648 2016-01-20] ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FixPCOptimizer.exe.lnk [2016-01-20]
ShortcutTarget: FixPCOptimizer.exe.lnk -> C:\Windows\Installer\{A12BC961-A17E-4400-89E3-7939E082D827}\NewShortcut1_96BFA420FFA5411D9D742048D45EC0E2.exe (Flexera Software LLC)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ie
SearchScopes: HKU\S-1-5-21-714211835-398583104-3702693888-1000 -> {C880509E-753B-4A7C-9E2C-3F88E996D58B} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-08] (Sun Microsystems, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
FF DefaultSearchEngine: Search Module
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5 [2016-01-20] [not signed]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Extension: (Search Module Plus v2) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2016-01-20]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
U3 idsvc; no ImagePath
2016-01-20 15:41 - 2016-01-20 15:41 - 00003534 _____ C:\WINDOWS\System32\Tasks\ZapCarePro_Popup
2016-01-20 15:41 - 2016-01-20 15:41 - 00003312 _____ C:\WINDOWS\System32\Tasks\ZapCarePro_Start
2016-01-20 15:40 - 2016-01-20 16:41 - 00000000 ____D C:\Users\Ron Lopez\Documents\ZapCarePro
2016-01-20 15:40 - 2016-01-20 15:40 - 00001055 _____ C:\Users\Public\Desktop\Zap Care Pro.lnk
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Arieana LLC
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Arieana_LLC
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zap Care Pro
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Program Files (x86)\Zap Care Pro
2016-01-20 15:39 - 2016-01-20 16:44 - 00000490 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job
2016-01-20 15:39 - 2016-01-20 15:49 - 00000000 ____D C:\ProgramData\DataFile
2016-01-20 15:39 - 2016-01-20 15:39 - 00003730 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000
2016-01-20 15:39 - 2016-01-20 15:39 - 00003612 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000
2016-01-20 15:39 - 2016-01-20 15:39 - 00002631 _____ C:\Users\Public\Desktop\FixPCOptimizer.exe.lnk
2016-01-20 15:39 - 2016-01-20 15:39 - 00000524 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wix pc optimizer
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files (x86)\WinPCOptimizer
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files (x86)\execnowait
2016-01-20 15:38 - 2016-01-21 10:55 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2016-01-20 15:38 - 2016-01-20 16:36 - 00002622 _____ C:\Users\Ron Lopez\Desktop\BrowserAir.lnk
2016-01-20 15:38 - 2016-01-20 15:38 - 00003970 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2016-01-20 15:38 - 2016-01-20 15:38 - 00003738 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2016-01-20 15:38 - 2016-01-20 15:38 - 00003666 _____ C:\WINDOWS\System32\Tasks\IBUpd
2016-01-20 15:38 - 2016-01-20 15:38 - 00003412 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-01-20 15:38 - 2016-01-20 15:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-01-20 15:37 - 2016-01-21 10:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\BrowserAir
2016-01-20 15:37 - 2016-01-20 16:35 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-01-20 15:37 - 2016-01-20 15:37 - 00003522 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-20 15:36 - 2016-01-21 11:52 - 00000000 ____D C:\Program Files\Sound+
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {02C2860B-0E0F-4229-B5AF-C7EC0F7C25F9} - System32\Tasks\IBUpd2 => C:\Users\Ron
Task: {20EF7BF6-0A02-4B31-975E-2886F3FAC175} - System32\Tasks\DNSLAFAYETTE => C:\Program Files (x86)\DNS Unlocker\dnslafayette.exe [2016-01-18] ()
Task: {49E12424-0118-49A5-BD08-CDD9F000632F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5840F276-4A45-467F-87DD-AD8E17527868} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {5F582E55-4F89-489F-A0FF-CC5E8B53A356} - System32\Tasks\IBUpd => C:\Users\Ron
Task: {6000AA56-F0B7-4813-AC3E-7C49CC66162F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6016E8DB-1A52-4466-99C8-D05102442BF9} - System32\Tasks\ZapCarePro_Start => C:\Program Files (x86)\Zap Care Pro\ZapCarePro.exe [2015-06-15] (Arieana LLC)
Task: {7621C7D6-2CF9-47E5-A1D4-E07A0CC9B352} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7FDD35BD-5E1B-4DDF-8209-3470696EEED7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {877222ED-D868-4904-A6BB-8FD380167338} - System32\Tasks\ZapCarePro_Popup => C:\Program Files (x86)\Zap Care Pro\Splash.exe [2015-06-15] ()
Task: {8CEB5F28-F252-4DB8-A1CB-411CD363BE0C} - System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {A38E6F35-8069-4627-9480-D24288F9FBBB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A84EBF53-3DF5-43A6-8B8A-6AF9AF6C6EAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AA904EC8-6F58-4B50-8822-B260C6BE7DAE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BA149601-5DFA-4FD3-A6FD-9B4196342EB8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BDC9240A-0E39-4BE9-B926-51AD111C6188} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D6C6FEBE-0FF5-4EE6-80DA-0431285B9FF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E0EEC116-711C-40A0-9055-2780DA105F7A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E70CCFBC-3BC6-487E-ADF7-F94BD3E2E7B5} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {F229D88A-08DB-4520-B0F9-344DD877ECDA} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {F6D800A3-F463-4050-B1D3-12814DA55482} - System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {FA805EBD-05FA-471E-A5D7-761BD9C2F881} - System32\Tasks\RSPro => C:\Users\Ron
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Ron Lopez\Desktop\Hotmail.lnk -> C:\Users\Ron Lopez\AppData\Local\BrowserAir\Application\BrowserAir.exe (Goobzo) -> hxxp://live.com
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,"
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5ccaa-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5ccab-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d112-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d113-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d2dd-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d2de-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d3f2-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d3f3-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d445-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d446-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d546-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d547-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d58d-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{38d5d58e-bf16-11e5-9bd7-e89a8f6fe884}
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
EmptyTemp:



*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sound+ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun9 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IDSCPRODUCT => value removed successfully
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => value removed successfully
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windv => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => key removed successfully
"HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FixPCOptimizer.exe.lnk => moved successfully
C:\Windows\Installer\{A12BC961-A17E-4400-89E3-7939E082D827}\NewShortcut1_96BFA420FFA5411D9D742048D45EC0E2.exe => moved successfully
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C880509E-753B-4A7C-9E2C-3F88E996D58B}" => key removed successfully
HKCR\CLSID\{C880509E-753B-4A7C-9E2C-3F88E996D58B} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => key removed successfully
"HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox "homepage" removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => moved successfully
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5 => moved successfully
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => value removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => moved successfully
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => moved successfully
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => key removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => not found.
c2cautoupdatesvc => service removed successfully
c2cpnrsvc => service removed successfully
idsvc => service removed successfully
C:\WINDOWS\System32\Tasks\ZapCarePro_Popup => moved successfully
C:\WINDOWS\System32\Tasks\ZapCarePro_Start => moved successfully
C:\Users\Ron Lopez\Documents\ZapCarePro => moved successfully
C:\Users\Public\Desktop\Zap Care Pro.lnk => moved successfully
C:\Users\Ron Lopez\AppData\Roaming\Arieana LLC => moved successfully
C:\Users\Ron Lopez\AppData\Local\Arieana_LLC => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zap Care Pro => moved successfully
C:\Program Files (x86)\Zap Care Pro => moved successfully
C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job => moved successfully
C:\ProgramData\DataFile => moved successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000 => moved successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000 => moved successfully
C:\Users\Public\Desktop\FixPCOptimizer.exe.lnk => moved successfully
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wix pc optimizer => moved successfully
C:\Program Files (x86)\WinPCOptimizer => moved successfully
C:\Program Files (x86)\execnowait => moved successfully
C:\Program Files (x86)\Consumer Input => moved successfully
C:\Users\Ron Lopez\Desktop\BrowserAir.lnk => moved successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\IBUpd => moved successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => moved successfully
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir => moved successfully
C:\Users\Ron Lopez\AppData\Local\BrowserAir => moved successfully
C:\WINDOWS\system32\Drivers\sdfhgdf.sys => moved successfully
C:\WINDOWS\System32\Tasks\RSPro => moved successfully
C:\Program Files\Sound+ => moved successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02C2860B-0E0F-4229-B5AF-C7EC0F7C25F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02C2860B-0E0F-4229-B5AF-C7EC0F7C25F9}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{20EF7BF6-0A02-4B31-975E-2886F3FAC175}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20EF7BF6-0A02-4B31-975E-2886F3FAC175}" => key removed successfully
C:\WINDOWS\System32\Tasks\DNSLAFAYETTE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSLAFAYETTE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49E12424-0118-49A5-BD08-CDD9F000632F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49E12424-0118-49A5-BD08-CDD9F000632F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5840F276-4A45-467F-87DD-AD8E17527868}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5840F276-4A45-467F-87DD-AD8E17527868}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F582E55-4F89-489F-A0FF-CC5E8B53A356}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F582E55-4F89-489F-A0FF-CC5E8B53A356}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6000AA56-F0B7-4813-AC3E-7C49CC66162F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6000AA56-F0B7-4813-AC3E-7C49CC66162F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6016E8DB-1A52-4466-99C8-D05102442BF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6016E8DB-1A52-4466-99C8-D05102442BF9}" => key removed successfully
C:\WINDOWS\System32\Tasks\ZapCarePro_Start => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZapCarePro_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7621C7D6-2CF9-47E5-A1D4-E07A0CC9B352}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7621C7D6-2CF9-47E5-A1D4-E07A0CC9B352}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FDD35BD-5E1B-4DDF-8209-3470696EEED7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDD35BD-5E1B-4DDF-8209-3470696EEED7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{877222ED-D868-4904-A6BB-8FD380167338}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{877222ED-D868-4904-A6BB-8FD380167338}" => key removed successfully
C:\WINDOWS\System32\Tasks\ZapCarePro_Popup => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZapCarePro_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CEB5F28-F252-4DB8-A1CB-411CD363BE0C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CEB5F28-F252-4DB8-A1CB-411CD363BE0C}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-714211835-398583104-3702693888-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A38E6F35-8069-4627-9480-D24288F9FBBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A38E6F35-8069-4627-9480-D24288F9FBBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A84EBF53-3DF5-43A6-8B8A-6AF9AF6C6EAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A84EBF53-3DF5-43A6-8B8A-6AF9AF6C6EAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA904EC8-6F58-4B50-8822-B260C6BE7DAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA904EC8-6F58-4B50-8822-B260C6BE7DAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA149601-5DFA-4FD3-A6FD-9B4196342EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA149601-5DFA-4FD3-A6FD-9B4196342EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDC9240A-0E39-4BE9-B926-51AD111C6188}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC9240A-0E39-4BE9-B926-51AD111C6188}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6C6FEBE-0FF5-4EE6-80DA-0431285B9FF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6C6FEBE-0FF5-4EE6-80DA-0431285B9FF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0EEC116-711C-40A0-9055-2780DA105F7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0EEC116-711C-40A0-9055-2780DA105F7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E70CCFBC-3BC6-487E-ADF7-F94BD3E2E7B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E70CCFBC-3BC6-487E-ADF7-F94BD3E2E7B5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConfigFree Startup Programs => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F229D88A-08DB-4520-B0F9-344DD877ECDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F229D88A-08DB-4520-B0F9-344DD877ECDA}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D800A3-F463-4050-B1D3-12814DA55482}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D800A3-F463-4050-B1D3-12814DA55482}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA805EBD-05FA-471E-A5D7-761BD9C2F881}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA805EBD-05FA-471E-A5D7-761BD9C2F881}" => key removed successfully
C:\WINDOWS\System32\Tasks\RSPro => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RSPro" => key removed successfully
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job => not found.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job => not found.
C:\Users\Ron Lopez\Desktop\Hotmail.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument removed successfully.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5ccaa-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5ccab-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d112-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d113-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d2dd-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d2de-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d3f2-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d3f3-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d445-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d446-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d546-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d547-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d58d-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
"C:\WINDOWS\system32\Drivers\sdfhgdf.sys" => ":{38d5d58e-bf16-11e5-9bd7-e89a8f6fe884}" ADS not found.
C:\ProgramData\TEMP => ":B3D74A13" ADS removed successfully.
EmptyTemp: => 2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:26:05 ====


#6
lopez66

The text information I got after running the ADW cleaner is as follows:

 

# AdwCleaner v5.030 - Logfile created 22/01/2016 at 11:45:31
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Ron Lopez - RONLOPEZ-PC
# Running from : C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\app_setup
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\Program Files (x86)\ExploreTech
[-] Folder Deleted : C:\Program Files (x86)\PRiceLess
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\WhiteListing
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\Delta
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\HPAppData

***** [ Files ] *****

[-] File Deleted : C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File Deleted : C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\searchplugins\smod.xml
[-] File Deleted : C:\Users\Ron Lopez\Desktop\Continue installation .lnk
[-] File Deleted : C:\WINDOWS\Reimage.ini

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKCU\Software\5948cd0e63fee12
[-] Key Deleted : HKLM\SOFTWARE\5948cd0e63fee12
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\Microsoft\Babylon
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]

***** [ Web browsers ] *****

[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : norton-internet-security.softonic.com
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7925 bytes] ##########
 

I will run the Junkware removal tool and post the results on my next post.



#7
lopez66


This is the log I got after running the Junkware removal tool. I'll post the rest of the information after I run the aswMBR program.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Ron Lopez (Administrator) on Fri 01/22/2016 at 12:00:32.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\ProgramData\38735177356051207 (Folder)
Successfully deleted: C:\ProgramData\fabhbellkbalgegfcfjhndggbmnndenn (Folder)
Successfully deleted: C:\Users\Ron Lopez\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\search.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/22/2016 at 12:03:32.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8
lopez66


After running the aswMBR, the fix button was clicked and the log is as follows:

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-01-22 12:10:37
-----------------------------
12:10:37.476    OS Version: Windows x64 6.2.9200
12:10:37.476    Number of processors: 4 586 0x2A07
12:10:37.476    ComputerName: RONLOPEZ-PC  UserName: Ron Lopez
12:10:39.620    Initialize success
12:10:39.697    VM: initialized successfully
12:10:39.712    VM: Intel CPU supported
12:10:46.862    VM: disk I/O storahci.sys
12:14:23.011    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
12:14:23.028    Disk 0 Vendor: TOSHIBA_MK7575GSX GT001M Size: 715404MB BusType: 11
12:14:23.184    Disk 0 MBR read successfully
12:14:23.200    Disk 0 MBR scan
12:14:23.200    Disk 0 Windows VISTA default MBR code
12:14:23.215    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
12:14:23.234    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       698607 MB offset 3074048
12:14:23.265    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS          789 MB offset 1433823232
12:14:23.296    Disk 0 Partition 4 00     17 Hidd HPFS/NTFS NTFS        13714 MB offset 1437061120
12:14:23.452    Disk 0 scanning C:\WINDOWS\system32\drivers
12:14:33.195    Service scanning
12:15:15.241    Modules scanning
12:15:15.259    Disk 0 statistics 139552/0/0 @ 8.22 MB/s
12:15:15.259    Scan finished successfully
12:17:04.369    Disk 0 MBR has been saved successfully to "C:\Users\Ron Lopez\Desktop\MBR.dat"
12:17:04.416    The log file has been saved successfully to "C:\Users\Ron Lopez\Desktop\aswMBR.txt"

I'll run the FRST again with the addition checked and post the log results on my next post.

 

 



#9
lopez66


This is the log from the FRST. I'll add the addition text on another post.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Ron Lopez (administrator) on RONLOPEZ-PC (22-01-2016 12:23:34)
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Google Update] => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BingSvc] => C:\Users\Ron Lopez\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\RunOnce: [Uninstall C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{5b419b50-bd46-404a-9921-a6a648aa8844}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 65.32.1.70 65.32.1.65

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)

FireFox:
========
FF ProfilePath: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ron Lopez\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\extensions\[email protected] [2015-12-01]
FF Extension: Ghostery - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2016-01-01]
FF Extension: Self-Destructing Cookies - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2015-12-11]
FF Extension: Adblock Plus - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-01-29]
CHR Extension: (YouTube) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2013-03-31]
CHR Extension: (Google Search) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl [2013-03-31]
CHR Extension: (KIDO'Z TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc [2014-01-29]
CHR Extension: (Gmail) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 aswMBR; C:\Users\Ron Lopez\AppData\Local\Temp\aswMBR.sys [62728 2016-01-22] () [File not signed]
U3 aswVmm; C:\Users\Ron Lopez\AppData\Local\Temp\aswVmm.sys [224896 2016-01-22] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 12:17 - 2016-01-22 12:17 - 00001575 _____ C:\Users\Ron Lopez\Desktop\aswMBR.txt
2016-01-22 12:17 - 2016-01-22 12:17 - 00000512 _____ C:\Users\Ron Lopez\Desktop\MBR.dat
2016-01-22 12:08 - 2016-01-22 12:10 - 05200384 _____ (AVAST Software) C:\Users\Ron Lopez\Desktop\aswmbr.exe
2016-01-22 12:03 - 2016-01-22 12:03 - 00000972 _____ C:\Users\Ron Lopez\Desktop\JRT.txt
2016-01-22 12:00 - 2016-01-22 11:01 - 01600184 _____ (Malwarebytes) C:\Users\Ron Lopez\Desktop\JRT.exe
2016-01-22 11:39 - 2016-01-22 11:45 - 00000000 ____D C:\AdwCleaner
2016-01-22 11:37 - 2016-01-22 10:55 - 01505280 _____ C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
2016-01-22 11:25 - 2016-01-22 11:26 - 00039546 _____ C:\Users\Ron Lopez\Desktop\Fixlog.txt
2016-01-21 12:33 - 2016-01-21 12:33 - 00059524 _____ C:\Users\Ron Lopez\Desktop\Addition.txt
2016-01-21 12:32 - 2016-01-22 12:24 - 00017895 _____ C:\Users\Ron Lopez\Desktop\FRST.txt
2016-01-21 12:31 - 2016-01-22 12:23 - 00000000 ____D C:\FRST
2016-01-21 12:30 - 2016-01-21 10:38 - 02370560 _____ (Farbar) C:\Users\Ron Lopez\Desktop\FRST64.exe
2016-01-20 17:29 - 2016-01-20 17:29 - 00000101 _____ C:\Users\Ron Lopez\Desktop\MS.txt
2016-01-20 17:05 - 2016-01-20 17:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-20 17:05 - 2016-01-20 17:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Citrix
2016-01-20 16:49 - 2016-01-22 11:23 - 00169646 _____ C:\WINDOWS\ntbtlog.txt
2016-01-20 15:48 - 2016-01-20 15:48 - 00000036 _____ C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2016-01-20 15:48 - 2016-01-20 15:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-20 15:48 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-01-20 15:41 - 2016-01-21 10:57 - 00000000 ____D C:\Program Files\COMODO
2016-01-20 15:41 - 2016-01-20 15:42 - 00000000 ____D C:\ProgramData\COMODO
2016-01-20 15:37 - 2016-01-22 11:25 - 00002002 _____ C:\Users\Ron Lopez\Desktop\Hotmail.lnk
2016-01-20 15:36 - 2016-01-20 15:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-01-20 15:33 - 2016-01-20 15:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:31 - 2016-01-20 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-01-20 05:35 - 2016-01-20 15:30 - 00000000 ___RD C:\Users\Ron Lopez\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
2016-01-20 05:22 - 2016-01-20 05:22 - 01076068 _____ C:\Users\Ron Lopez\Downloads\Wifi Password Hacker v5 Download Full version For pc__13150_i1827824625_il6253.rar
2016-01-16 20:21 - 2016-01-16 20:21 - 00115424 ____T C:\Users\Ron Lopez\Desktop\House rental search expenses visa.pdf
2016-01-13 23:13 - 2016-01-13 23:15 - 00034304 _____ C:\Users\Ron Lopez\Desktop\CEM-S Expense report Template.xls
2016-01-13 21:16 - 2016-01-13 21:16 - 08416278 _____ C:\Users\Ron Lopez\Desktop\R. Lopez lease 1.13.160001.pdf
2016-01-13 09:57 - 2016-01-13 09:58 - 00000000 ____D C:\Users\Ron Lopez\Documents\Safety At Work Videos
2016-01-12 15:00 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 15:00 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 14:59 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 14:59 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 14:59 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 14:59 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 14:59 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 14:59 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 14:59 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 14:59 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 14:59 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 14:59 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 09:17 - 2016-01-12 09:18 - 00000000 ____D C:\Users\Ron Lopez\Documents\CEM Solutions Trainning info
2016-01-11 14:34 - 2016-01-11 14:34 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-11 12:48 - 2016-01-11 12:48 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinBatch
2016-01-11 12:25 - 2016-01-11 12:25 - 00280316 _____ C:\WINDOWS\Minidump\011116-38187-01.dmp
2016-01-10 13:57 - 2016-01-10 13:57 - 00653083 _____ C:\Users\Ron Lopez\Downloads\i-130.pdf
2016-01-10 10:37 - 2016-01-10 16:15 - 00000000 ____D C:\Users\Ron Lopez\Downloads\US Travel History 2012 to 2016
2016-01-09 14:35 - 2016-01-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-09 10:16 - 2016-01-09 10:17 - 00000000 ____D C:\Users\Ron Lopez\Documents\Casio Pathfinder
2016-01-09 10:15 - 2016-01-09 10:15 - 00048017 _____ C:\Users\Ron Lopez\Desktop\Honda US EPA & DOT Complience Letter.pdf
2015-12-23 22:20 - 2016-01-11 12:25 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-23 22:20 - 2015-12-23 22:22 - 00280308 _____ C:\WINDOWS\Minidump\122315-21812-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 12:01 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-22 12:01 - 2015-07-31 22:58 - 00000000 ___RD C:\Users\Ron Lopez\OneDrive
2016-01-22 11:54 - 2015-12-10 01:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-22 11:54 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-22 11:51 - 2012-09-08 21:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-22 11:49 - 2012-09-08 21:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 11:48 - 2015-12-10 02:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-22 11:47 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-22 11:45 - 2012-12-02 23:15 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\ElevatedDiagnostics
2016-01-22 11:42 - 2015-11-29 21:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-01-22 11:37 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-22 11:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-22 11:37 - 2012-09-27 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-22 11:32 - 2015-11-29 21:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
2016-01-22 11:25 - 2015-05-31 17:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\LocalLow\Temp
2016-01-22 11:25 - 2015-05-02 16:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-01-22 11:25 - 2015-04-25 21:41 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\IDM
2016-01-22 11:25 - 2013-03-31 23:52 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-22 11:25 - 2013-03-31 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-22 11:13 - 2012-10-27 15:09 - 00000000 ____D C:\Program Files (x86)\A1Click Ultra PC Cleaner
2016-01-20 16:36 - 2015-11-29 21:05 - 00002264 _____ C:\Users\Ron Lopez\Desktop\HP Photo Creations.lnk
2016-01-20 15:58 - 2012-10-26 22:55 - 00000000 ____D C:\ProgramData\TEMP
2016-01-20 15:47 - 2015-07-31 22:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-20 15:38 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
2016-01-20 15:33 - 2015-07-31 22:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
2016-01-20 15:12 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Compressed
2016-01-20 05:24 - 2015-11-29 01:24 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job
2016-01-20 05:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-19 22:38 - 2012-09-12 12:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
2016-01-18 22:31 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
2016-01-14 21:22 - 2012-09-08 22:12 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Skype
2016-01-13 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 12:26 - 2015-02-03 21:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
2016-01-13 10:47 - 2015-11-07 21:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 10:47 - 2014-12-23 20:07 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 10:43 - 2011-04-25 14:54 - 00000000 ____D C:\Users\Ron Lopez\Documents\2011 Mortgage Renewal Forms
2016-01-13 10:41 - 2012-11-19 01:11 - 00000000 ___RD C:\Users\Ron Lopez\Documents\Documents (3)
2016-01-13 10:41 - 2012-11-19 01:08 - 00000000 ___RD C:\Users\Ron Lopez\Documents\My Documents1
2016-01-13 10:19 - 2015-05-24 16:53 - 00000000 ____D C:\Users\Ron Lopez\Documents\Cell Phone info
2016-01-13 09:47 - 2013-11-02 18:29 - 00000000 ____D C:\Users\Ron Lopez\Documents\2013 Callsellect
2016-01-12 16:48 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 16:47 - 2013-08-17 07:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 16:42 - 2012-09-27 20:30 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-11 19:02 - 2015-09-06 16:24 - 00000000 ____D C:\Users\Ron Lopez\Documents\Bills 2015
2016-01-11 14:34 - 2015-12-10 01:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-11 12:49 - 2012-05-08 14:10 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-01-11 12:30 - 2015-12-10 01:53 - 00000000 ____D C:\Users\Ron Lopez
2016-01-11 12:24 - 2015-07-19 21:53 - 648511574 _____ C:\WINDOWS\MEMORY.DMP
2016-01-10 11:54 - 2013-03-31 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-10 09:38 - 2014-08-23 18:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Adobe
2016-01-10 09:37 - 2012-09-27 19:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-09 14:35 - 2015-03-08 17:35 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Skype
2016-01-09 14:35 - 2015-03-08 17:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-09 14:35 - 2012-05-08 14:40 - 00000000 ____D C:\ProgramData\Skype
2016-01-06 22:02 - 2015-11-24 20:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-01-20 15:48 - 2016-01-20 15:48 - 0000036 _____ () C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2012-09-27 19:10 - 2015-12-15 13:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Ron Lopez\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-22 11:43

==================== End of FRST.txt ============================


#10
lopez66

    Member

  • Topic Starter
  • Member
  • 48 posts

This is the addition log for the FRST.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Ron Lopez (2016-01-22 12:24:34)
Running from C:\Users\Ron Lopez\Desktop
Windows 10 Home (X64) (2015-12-10 07:22:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-714211835-398583104-3702693888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-714211835-398583104-3702693888-503 - Limited - Disabled)
Guest (S-1-5-21-714211835-398583104-3702693888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-714211835-398583104-3702693888-1004 - Limited - Enabled)
Ron Lopez (S-1-5-21-714211835-398583104-3702693888-1000 - Administrator - Enabled) => C:\Users\Ron Lopez

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version:  - Dell, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
FixPCOptimizer (HKLM-x32\...\{A12BC961-A17E-4400-89E3-7939E082D827}) (Version: 1.00.1000 - Fix PC Optimizer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)
Zap Care Pro (HKLM-x32\...\{F96D3483-1580-480A-A04B-C659D7F180EF}) (Version: 2.9.5 - Arieana LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {082D8856-33F2-4943-AC63-0576E60DD020} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {117EE88D-2B9C-4FCD-B789-59FC2B7C9330} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {188A0DB7-2998-4E66-824C-DE7EF52064CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {188CFCC5-9913-4ADA-B558-60BA708A0E6F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {18BE8D1D-5327-4F91-B16B-271D354CA5D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1C91856B-30AB-4F1D-B55D-B31CD295D4A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {231D17C6-27AD-4698-AA75-F3ED98748F6A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {289164AB-EB0B-41F5-B06D-3684ACC50F20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-10] (Adobe Systems Incorporated)
Task: {315505BA-559A-4F44-A379-BD65E27BEB5D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {33EDEEEE-7972-4B2E-9BBF-FBF639AC368C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {38295757-5846-423E-BB17-4B2232DAFBB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3F3876F3-66AC-45AD-9312-F622FFADC767} - System32\Tasks\{35B5F52C-26ED-4E2C-8E60-F7C411993AC9} => pcalua.exe -a "C:\Users\Ron Lopez\Downloads\Programs\windirstat1_1_2_setup.exe" -d "C:\Users\Ron Lopez\Downloads\Programs"
Task: {513FC424-F0F2-41E6-93FA-416B81535F0B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {566E726A-00C5-455C-BFDF-06B9FA28D3C0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {592AF5CA-085A-46CB-A2C6-971A5151740D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {60509D4F-B370-4131-AB56-09CE3B3C5509} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {66507A0E-CDC5-48E8-B263-094513B66582} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6733E2DB-6224-40AF-A331-47CE23E95C2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6CDC4299-555F-4F68-8E0B-FD255842455C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-11-29] ()
Task: {7655B98F-5E9C-4B58-9B70-A70EB1C6E589} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {9112876E-824C-47AC-930F-CBE603E967C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {97C485FB-209A-45C7-8C37-85A6A7D433D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {9C8B0ED5-634C-48EB-A5B2-91AA71A2C53A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9FDC9A1A-89D5-43F1-A497-800366FEF598} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A041F8B5-1969-4F30-A4F3-74BC2A6529C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A1BCBA8C-711A-42DD-899E-F33BCE63D3FC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A3702B25-4101-4BAB-93FD-A758C0F908DA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A9B114C4-935E-4B39-BD1E-11284CF8639A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B1EBF3A1-A27B-466C-8B89-5CF636D3119F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BEA39325-01D4-47EC-927A-A62EEAC31FFD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C6B8C798-BDB7-48F5-A9E7-7C9862D936DA} - System32\Tasks\HPCeeScheduleForRon Lopez => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: {CC9CEDFA-E891-45B5-943F-67899450D800} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DD36F0F8-DD68-4383-8EE4-086E659CD678} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E3282E60-F62B-46B1-B527-A762C80703FB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {E33B7302-9B6B-480D-ABD4-892445DA1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EAE1F38D-68A2-446B-92EC-5D75E57A9803} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {EB6384A2-321E-42C3-A1D8-B5D836B783C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F2DCDA2B-CB0C-4097-8442-AF0C9494F112} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F5F236A6-4B42-4ECC-941C-916679B6538F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FF458E8B-5E82-4E0D-944F-119B55235E1C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-05-09 19:04 - 2009-04-17 11:17 - 00045568 _____ () C:\WINDOWS\System32\DLDFPMON.DLL
2014-05-09 19:04 - 2007-05-04 03:23 - 00049152 _____ () C:\WINDOWS\System32\DLDFOEM.DLL
2014-05-09 19:04 - 2009-04-17 11:15 - 00081408 _____ () C:\Program Files (x86)\Dell AIO Printer 948\ipcmt64.dll
2014-05-09 19:05 - 2007-05-03 00:43 - 00138240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dldfdrpp.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 11:36 - 2016-01-22 11:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2015-12-18 19:17 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 19:17 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:00 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 14:59 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 14:59 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 11:36 - 2016-01-22 11:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 11:36 - 2016-01-22 11:36 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-02 16:56 - 2015-05-03 14:23 - 00001468 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   skip
127.0.0.1                   onhax.net
127.0.0.1                   www.onhax.net
127.0.0.1                   forum.onhax.net
127.0.0.1                   https://forum.onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   do2dear.net
127.0.0.1                   p30world.com
127.0.0.1                   brarstuff.com
127.0.0.1                   rsload.net
127.0.0.1                   unicrack.com
127.0.0.1                   keyscity.net
127.0.0.1                   idm-crack-patch.blogspot.in
127.0.0.1                   parth8641.blogspot.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-714211835-398583104-3702693888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 65.32.1.70 - 65.32.1.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dldfCATSCustConnectService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A2B08CE2-4B5E-4732-8110-39120F9EB519}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{267ECF6F-D4A5-4DA8-9BDF-ECFF29DC473E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{168E9FA8-3A69-4FBA-8021-F21C03279449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D0D2F209-C094-45FA-8208-7BB9E1D97A33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5CF38611-E7DE-4FCA-9EB0-D9B387DD324F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4044ED16-0936-4E16-92E6-980E628964B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{664F206A-0242-4B92-BE4C-E09F5E6B19C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3B0F062D-F234-4BAD-82FE-B7DEFDA923FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{016FF8A2-0AFE-4993-B947-FDB275E05379}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B4D5A6F7-2DB9-4958-B5CB-EC68A7BD1747}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9D4EEF51-589E-4E25-BF75-C2590A8B524B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8FEBEE5D-2FC0-4EA9-90A6-D3FB8EB1275D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C6C3B690-6F32-4B60-A1C9-0F17E49E7A7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B2529BEF-E237-4DE7-BDAA-E5CAF121BC4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6EE0D823-067A-4B63-A3F3-458D60D63105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{96E12954-8804-4C72-B91D-041929778827}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38EBBD24-8A79-43C4-BE48-288F8BBE247E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9C6566EF-1B73-4493-9046-BA74047A9BEF}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS0B8C\setup\hpznui40.exe
FirewallRules: [{BDB8CD46-ACB9-42FF-904C-569AE0A23B31}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS70F6\HPDiagnosticCoreUI.exe
FirewallRules: [{E5DC79A0-C805-46B9-9540-850B466F482F}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS70F6\HPDiagnosticCoreUI.exe
FirewallRules: [{A574BCF0-6CBD-4B96-AA83-4751A31F0ADA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31FA03FA-7878-44C1-9D9B-24CF61173063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5504428-2C4A-46F6-9B95-5293C24967BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2BDD3AEA-B1EB-4B26-BD27-418D80BD187D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E72577AB-FDAE-4238-84CF-619D9A443A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB7B64F-ECAC-4B63-A286-9D0A6548A232}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01404980-DAEE-40E0-A6CB-706391A9FE46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5E6106CE-0498-4F85-B8A5-E2DD36AEC3F4}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0C7A577A-0D86-4BB9-8B1E-66186175AE61}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{AE431B1C-0037-477A-AE97-6D46DA812D11}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{5916ED1F-D90C-4FE5-AC80-66313C52B522}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{6CB7D15F-37BC-4566-B677-71C7E26CBE5B}C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe] => (Block) C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe
FirewallRules: [UDP Query User{20ECB769-328B-4CD8-BC86-342120A4BD8A}C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe] => (Block) C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe
FirewallRules: [{03FED3EC-8073-4A1B-AC8F-DFF95D7C978D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AB878EC4-C257-4A3F-BFBE-D1DCF8F916D2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{F8182B73-3FA9-4231-8927-5E53B96D28F2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{0D757440-7EE9-42C0-95EC-45BC1FCE68B2}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{019FAEE0-E661-4B5D-A63A-536E355AC42D}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{3A638C66-6224-49D5-87AB-991B938A7FC6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{894C119B-D914-4D9C-A524-A5FEBBFBBB37}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{CF700503-C32C-4D57-97C6-46ED5C1538E8}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{740CA2CA-A367-4BCD-88CD-26138453F415}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{A05C5D85-F1FD-483D-A0A2-3D539C7C6225}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldfpswx.exe
FirewallRules: [{362E6EA6-00E3-4F52-A9DF-4D70DACD2D8B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldfpswx.exe
FirewallRules: [{F2D8E542-015B-45F5-B791-61431AFF8D56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{2C836EC4-B94A-4D12-BA3A-3A4D51D1CE51}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{F97C6AAD-921D-4A0C-9F39-03ACA3C0DFCB}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{57C6C3F3-4489-485B-8F85-B86E3F9444F6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{D54FD245-205A-4B12-BEB3-B0127BEEF7E6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [{93CA90CC-C4DD-4318-A5B9-4BF5EB38E42B}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [TCP Query User{6582934D-40C8-48AA-B4DB-34711760F6D2}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [UDP Query User{C93CB074-4AA8-45C0-9789-0839172FAFB3}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [{8A3C10C9-C97A-4E49-9070-983D9567FF45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{648B9738-3263-47E0-B329-004EB8BD7AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4804FBC5-4E22-4E74-9B0F-0156C94092F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2AB3EBBA-ADFA-4C72-B1E7-6918402F59A4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3CACF432-173C-42CE-81C3-8314280BE9B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5CD5ACC8-11A8-46E0-8490-F9664CA1F4F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{605A7806-16AD-47EF-9042-0ADEEA547903}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CFD84ACD-140A-4E99-8F1F-AD7CE214AA2B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{05850765-4695-4EFF-9045-48F446333050}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{61B7E7B0-4090-4186-B118-DA3562EEE447}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{63F77B3D-9B85-4B35-AC77-EF25BC219C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F7A2F823-B1EE-41DE-8CD6-C47DEDBCD226}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6DFEC436-FB5A-4896-BF7A-DCD15F4949CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5158E30A-F241-4A7D-B5B8-DED372D9D455}] => (Allow) C:\Users\Ron Lopez\AppData\Local\BrowserAir\Application\BrowserAir.exe

==================== Restore Points =========================

30-12-2015 18:39:37 Scheduled Checkpoint
06-01-2016 08:55:45 Windows Update
11-01-2016 12:23:35 Removed TOSHIBA eco Utility.
22-01-2016 12:00:36 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 600 M601
Description: HP LaserJet 600 M601
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2016 12:18:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 12:14:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 12:14:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 12:02:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 12:01:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 12:00:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/22/2016 11:56:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 11:53:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 11:52:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 11:51:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/22/2016 11:48:37 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.42.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (01/22/2016 11:48:37 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :20" could not be registered on the interface with IP address 192.168.0.42.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (01/22/2016 11:48:37 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.42.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (01/22/2016 11:48:37 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{77AF3215-F3C5-41A2-AC84-B2C49F325010} because another computer on the network has the same name.  The server could not start.

Error: (01/22/2016 11:48:31 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.42.
The computer with the IP address 192.168.0.60 did not allow the name to be claimed by
this computer.

Error: (01/22/2016 11:48:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (01/22/2016 11:48:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275

Error: (01/22/2016 11:47:45 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.42.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (01/22/2016 11:47:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_38504 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/22/2016 11:47:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_38504 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-22 11:44:00.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-22 11:30:51.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-22 04:59:47.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-22 04:59:47.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-22 04:59:47.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-22 04:59:42.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-22 04:59:42.848
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:41.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:41.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 05:16:41.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 28%
Total physical RAM: 6091.86 MB
Available physical RAM: 4362.88 MB
Total Virtual: 12235.86 MB
Available Virtual: 10641.63 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:682.23 GB) (Free:533.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (CENTON USB) (Removable) (Total:14.93 GB) (Free:14.6 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 57F24026)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=789 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=17)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: D01FC437)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Let me know if there is anything else you would like me to do. By the way, I am running Windows 10 on my computer. It may not matter at this point as I was able to run the programs you asked me to. Thanks again for your help.


Edited by lopez66, 22 January 2016 - 11:59 AM.


#11
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I don't see anything active now and I see you are back in normal mode.  Are you seeing any problems?

You do have a lot of errors so let's run SFC and DISM per the instructions here:

http://www.howtogeek...-dism-commands/

If SFC says it can't fix all files then don't bother with the safe mode stuff; just try it again after you run DISM.

Both will take a while to complete.

I'm going to be offline for an hour or so.


#12
lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Somehow the computer restarted in normal mode and I ran the rest of the programs in that mode. I was just trying to uninstall the other programs (from the list you sent me) from my computer and suddenly a pop-up came on and I could not move it out of the way, so I shut it down. I don't know how to start my computer in safe mode so I have it off now.

I followed the information on how to start the computer in safe mode with networking. I am running the first command prompt now, though some of the programs that were downloaded during the virus attack were still on the programs list.


Edited by lopez66, 22 January 2016 - 12:55 PM.

#13
lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

I ran SFC in safe mode and it says that it did not find any integrity violation. Should I run the other command prompt? Let me know. Thanks


#14
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Let's run the dism command anyway.

Don't try and uninstall any more of the programs.  Apparently that wakes them up rather than uninstalling them.


#15
lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

OK, I'll run the other command and let you know of the outcome.

