Got a virus infection that crowded my computer screen


#16
lopez66 (Member, Topic Starter, 48 posts)

RKinner, the prompt was run and it shows that the operation was completed successfully. Is there any other check I need to perform? Let me know. Thanks.


  • 0

#17
lopez66 (Member, Topic Starter, 48 posts)

I restarted the computer and started in regular mode, and a pop-up came up again, the same one from before, asking me to validate the copy of my Windows license. It does not have a way to close it down and it won't disappear from the screen. Going to place it in safe mode again.


Edited by lopez66, 22 January 2016 - 02:36 PM.

  • 0

#18
lopez66 (Member, Topic Starter, 48 posts)

I posted some other stuff, but it is not showing on the post on my computer. It showed on my work computer, though. I ran the last command and it showed that everything was good. I restarted my computer and the pop-up saying to validate the copy of my Windows license still popped up. I moved it to the side and I am able to see most of my computer screen. I also installed AVG antivirus and I am running a scan now. Let me know what else I can do. I don't know if AVG will fix the problem. Thanks.


Edited by lopez66, 22 January 2016 - 04:35 PM.

  • 0

#19
lopez66 (Member, Topic Starter, 48 posts)

After running AVG, it asked me if I wanted to remove a problem in the middle of the scan, and the pop-up disappeared. At the end of the scan, it found three more threats. I still don't know if the computer is clean, though.


  • 0

#20
RKinner (Malware Expert, MVP, 24,625 posts)
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

(Second time you run VEW it will overwrite the first log so copy it to a reply or rename it first.)

This will show us if the request to validate Windows was valid. Sometimes Windows does get upset if something looks at its validation files.
 
You can also look and see if it thinks it is activated:
 

  • 0

#21
RKinner (Malware Expert, MVP, 24,625 posts)

In addition to the above let's run the ESET scan. It's very thorough and may take 3 hours or more to complete.

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

  • 0

#22
lopez66 (Member, Topic Starter, 48 posts)

Thanks, RKinner. I am sorry I did not reply earlier, but I use the internet at work (don't have internet at home, yet). The following is the first log after running VEW.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 24/01/2016 2:43:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/01/2016 7:22:32 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/01/2016 4:45:29 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device WPD FileSystem Volume Driver (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 22/01/2016 4:45:29 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 11/01/2016 5:24:48 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/01/2016 4:53:51 PM
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.

Log: 'System' Date/Time: 10/01/2016 4:53:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/12/2015 3:20:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/01/2016 7:25:09 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 24/01/2016 7:23:07 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The luafv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 10:08:11 PM on ?1/?23/?2016 was unexpected.

Log: 'System' Date/Time: 24/01/2016 3:25:53 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 24/01/2016 3:25:21 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_63d8b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 24/01/2016 3:25:21 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_63d8b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 24/01/2016 3:25:21 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_63d8b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 24/01/2016 3:25:21 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_63d8b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2016 11:23:12 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 23/01/2016 11:23:11 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The luafv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 23/01/2016 6:33:40 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_5314d3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2016 6:33:40 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_5314d3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2016 6:33:40 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_5314d3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2016 6:33:40 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_5314d3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2016 12:34:16 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 22/01/2016 11:04:16 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 22/01/2016 11:03:46 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 22/01/2016 11:03:14 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_6acfa service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 22/01/2016 11:03:14 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_6acfa service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/01/2016 7:23:14 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 24/01/2016 7:23:10 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscoveryW1 definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:10 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\SqlLiteRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:10 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PvrRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:10 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\OCURDiscovery definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:09 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\UpdateRecordPath definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:09 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\StartRecording definition. Additional Data: Error Value: %SystemRoot%\ehome\ehrec.

Log: 'System' Date/Time: 24/01/2016 7:23:08 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ConfigureInternetTimeService definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:07 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PeriodicScanRetry definition. Additional Data: Error Value: %windir%\ehome\MCUpdate.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:07 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:07 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ReindexSearchRoot definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:07 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\OCURActivate definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:07 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PvrScheduleTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\DispatchRecoveryTasks definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscovery definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ActivateWindowsSearch definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\MediaCenterRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\mcupdate definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\mcupdate_scheduled definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\InstallPlayReady definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.
 


  • 0
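A small parser for the VEW text layout shown in the post above, added here as an example (it is not part of the thread and not the tool author's code). It groups records so that repeated noise collapses into counts and the events that occur only once stand out; the sample log is constructed from the posted layout, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the VEW output posted above (not a real capture).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/01/2016 7:25:09 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 24/01/2016 7:23:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The luafv service failed to start due to the following error:  This driver has been blocked from loading

Log: 'System' Date/Time: 24/01/2016 3:25:53 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/01/2016 7:23:14 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.

Log: 'System' Date/Time: 24/01/2016 7:23:10 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscoveryW1 definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 24/01/2016 7:23:10 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PvrRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
KIND = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")
TASK = re.compile(r"NT TASK\\(?P<path>.+?) definition\.")

def parse_vew(text):
    """Return one dict per record; banners and section separators are skipped."""
    events = []
    for block in re.split(r"\n\s*\n", text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # A section separator may sit directly above the first record of a block.
        start = next((i for i, ln in enumerate(lines) if HEADER.match(ln)), None)
        if start is None or len(lines) < start + 3:
            continue
        head = HEADER.match(lines[start])
        kind = KIND.match(lines[start + 1])
        event = EVENT.match(lines[start + 2])
        if not (kind and event):
            continue  # truncated or malformed record
        events.append({
            "log": head["log"],
            # VEW states that all dates are dd/mm/yyyy with a 12-hour clock.
            "when": datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
            "type": kind["type"],
            "event": int(event["event"]),
            "source": event["source"],
            "message": " ".join(lines[start + 3:]),
        })
    return events

def summarize(events):
    """Count records per (type, source, event id), most frequent first."""
    return Counter((e["type"], e["source"], e["event"]) for e in events).most_common()

def task_folders(events):
    """Group Task Scheduler event 414 warnings by the folder of the task they name."""
    folders = Counter()
    for e in events:
        m = TASK.search(e["message"])
        if e["event"] == 414 and m:
            folders[m["path"].rpartition("\\")[0]] += 1
    return folders

def one_offs(events):
    """Return (source, event id) pairs seen exactly once, in order of appearance."""
    counts = Counter((e["source"], e["event"]) for e in events)
    return [key for key, n in counts.items() if n == 1]

if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    print(summarize(parsed), dict(task_folders(parsed)), one_offs(parsed), sep="\n")
```

Save each VEW run under its own name first, since a second run overwrites the first log.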

#23
RKinner (Malware Expert, MVP, 24,625 posts)

OK. I see the usual Win 10 errors. Follow my instructions about turning off Net Framework 4.5 Advanced Services here:

http://www.geekstogo...e/#entry2548044

Then, Windows 10 does not support Media Center, which is why we get so many errors. We can remove the tasks with a FRST Fixlist:

First clear the errors:

Win key + x then select Event Viewer, or search for eventvwr.msc and hit Enter. This should bring up the Event Viewer.

Click on the arrow in front of Windows Logs. Right click on Application (the one under Windows Logs), Clear Log, Clear. Repeat for System.

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

  • 0

#24
lopez66 (Member, Topic Starter, 48 posts)

Thanks RKinner. I did not run the other tool from the website yet, but I did start the FRST. Here is the first fixlog. I will have to post the other later today.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Ron Lopez (2016-01-27 06:29:31) Run:2
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {117EE88D-2B9C-4FCD-B789-59FC2B7C9330} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {188CFCC5-9913-4ADA-B558-60BA708A0E6F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {231D17C6-27AD-4698-AA75-F3ED98748F6A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {315505BA-559A-4F44-A379-BD65E27BEB5D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {33EDEEEE-7972-4B2E-9BBF-FBF639AC368C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {513FC424-F0F2-41E6-93FA-416B81535F0B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {566E726A-00C5-455C-BFDF-06B9FA28D3C0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {592AF5CA-085A-46CB-A2C6-971A5151740D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {66507A0E-CDC5-48E8-B263-094513B66582} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6733E2DB-6224-40AF-A331-47CE23E95C2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7655B98F-5E9C-4B58-9B70-A70EB1C6E589} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {97C485FB-209A-45C7-8C37-85A6A7D433D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {9C8B0ED5-634C-48EB-A5B2-91AA71A2C53A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9FDC9A1A-89D5-43F1-A497-800366FEF598} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A3702B25-4101-4BAB-93FD-A758C0F908DA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A9B114C4-935E-4B39-BD1E-11284CF8639A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BEA39325-01D4-47EC-927A-A62EEAC31FFD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {DD36F0F8-DD68-4383-8EE4-086E659CD678} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E3282E60-F62B-46B1-B527-A762C80703FB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EAE1F38D-68A2-446B-92EC-5D75E57A9803} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {EB6384A2-321E-42C3-A1D8-B5D836B783C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F2DCDA2B-CB0C-4097-8442-AF0C9494F112} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F5F236A6-4B42-4ECC-941C-916679B6538F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FF458E8B-5E82-4E0D-944F-119B55235E1C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
EmptyTemp:



*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{117EE88D-2B9C-4FCD-B789-59FC2B7C9330}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{117EE88D-2B9C-4FCD-B789-59FC2B7C9330}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{188CFCC5-9913-4ADA-B558-60BA708A0E6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{188CFCC5-9913-4ADA-B558-60BA708A0E6F}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{231D17C6-27AD-4698-AA75-F3ED98748F6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{231D17C6-27AD-4698-AA75-F3ED98748F6A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{315505BA-559A-4F44-A379-BD65E27BEB5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{315505BA-559A-4F44-A379-BD65E27BEB5D}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33EDEEEE-7972-4B2E-9BBF-FBF639AC368C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33EDEEEE-7972-4B2E-9BBF-FBF639AC368C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{513FC424-F0F2-41E6-93FA-416B81535F0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{513FC424-F0F2-41E6-93FA-416B81535F0B}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{566E726A-00C5-455C-BFDF-06B9FA28D3C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{566E726A-00C5-455C-BFDF-06B9FA28D3C0}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{592AF5CA-085A-46CB-A2C6-971A5151740D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{592AF5CA-085A-46CB-A2C6-971A5151740D}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66507A0E-CDC5-48E8-B263-094513B66582}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66507A0E-CDC5-48E8-B263-094513B66582}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6733E2DB-6224-40AF-A331-47CE23E95C2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6733E2DB-6224-40AF-A331-47CE23E95C2C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7655B98F-5E9C-4B58-9B70-A70EB1C6E589}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7655B98F-5E9C-4B58-9B70-A70EB1C6E589}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97C485FB-209A-45C7-8C37-85A6A7D433D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97C485FB-209A-45C7-8C37-85A6A7D433D2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C8B0ED5-634C-48EB-A5B2-91AA71A2C53A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C8B0ED5-634C-48EB-A5B2-91AA71A2C53A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FDC9A1A-89D5-43F1-A497-800366FEF598}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FDC9A1A-89D5-43F1-A497-800366FEF598}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3702B25-4101-4BAB-93FD-A758C0F908DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3702B25-4101-4BAB-93FD-A758C0F908DA}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9B114C4-935E-4B39-BD1E-11284CF8639A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9B114C4-935E-4B39-BD1E-11284CF8639A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEA39325-01D4-47EC-927A-A62EEAC31FFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEA39325-01D4-47EC-927A-A62EEAC31FFD}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD36F0F8-DD68-4383-8EE4-086E659CD678}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD36F0F8-DD68-4383-8EE4-086E659CD678}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3282E60-F62B-46B1-B527-A762C80703FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3282E60-F62B-46B1-B527-A762C80703FB}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAE1F38D-68A2-446B-92EC-5D75E57A9803}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE1F38D-68A2-446B-92EC-5D75E57A9803}" => key removed successfully
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB6384A2-321E-42C3-A1D8-B5D836B783C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB6384A2-321E-42C3-A1D8-B5D836B783C4}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2DCDA2B-CB0C-4097-8442-AF0C9494F112}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2DCDA2B-CB0C-4097-8442-AF0C9494F112}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5F236A6-4B42-4ECC-941C-916679B6538F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5F236A6-4B42-4ECC-941C-916679B6538F}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF458E8B-5E82-4E0D-944F-119B55235E1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF458E8B-5E82-4E0D-944F-119B55235E1C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => key removed successfully
EmptyTemp: => 164.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 06:29:38 ====



#25
lopez66


The FRST logs after the addition scan are as follows:

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Ron Lopez (administrator) on RONLOPEZ-PC (27-01-2016 14:11:46)
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
(© 2015 Microsoft Corporation) C:\Users\Ron Lopez\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Google Update] => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BingSvc] => C:\Users\Ron Lopez\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\RunOnce: [Uninstall C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.255.108.1
Tcpip\..\Interfaces\{5b419b50-bd46-404a-9921-a6a648aa8844}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 10.255.108.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)

FireFox:
========
FF ProfilePath: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ron Lopez\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\extensions\[email protected] [2015-12-01]
FF Extension: Ghostery - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2016-01-01]
FF Extension: Self-Destructing Cookies - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2015-12-11]
FF Extension: Adblock Plus - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-01-29]
CHR Extension: (YouTube) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2013-03-31]
CHR Extension: (Google Search) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl [2013-03-31]
CHR Extension: (KIDO'Z TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc [2014-01-29]
CHR Extension: (Gmail) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 14:11 - 2016-01-27 14:12 - 00020891 _____ C:\Users\Ron Lopez\Desktop\FRST.txt
2016-01-27 06:29 - 2016-01-27 06:29 - 00016889 _____ C:\Users\Ron Lopez\Desktop\Fixlog.txt
2016-01-24 21:50 - 2016-01-24 21:50 - 00070144 _____ C:\Users\Ron Lopez\Desktop\Interview-home scouting expense.xls
2016-01-24 20:17 - 2016-01-27 06:22 - 00000000 ____D C:\Users\Ron Lopez\Desktop\Virus removal tools & logs
2016-01-24 14:43 - 2016-01-24 14:50 - 00011546 _____ C:\VEW.txt
2016-01-22 18:02 - 2016-01-22 18:02 - 00001333 _____ C:\Users\Ron Lopez\Desktop\Continue Spybot Search & Destroy 2016 Installation.lnk
2016-01-22 18:01 - 2016-01-22 18:01 - 00992656 _____ (Installer ) C:\Users\Ron Lopez\Downloads\Spybot Search & Destroy Setup.exe
2016-01-22 16:05 - 2016-01-22 16:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\AVG
2016-01-22 16:05 - 2016-01-22 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-22 16:04 - 2016-01-22 16:04 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-22 16:04 - 2016-01-22 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-22 16:03 - 2016-01-22 16:05 - 00000000 ____D C:\ProgramData\Avg
2016-01-22 16:03 - 2016-01-22 16:04 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-22 16:02 - 2016-01-22 16:04 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\AvgSetupLog
2016-01-22 16:01 - 2016-01-22 16:02 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ron Lopez\Downloads\AVG_Protection_Free_698.exe
2016-01-22 13:12 - 2016-01-22 17:34 - 00000000 ____D C:\ProgramData\DataFile
2016-01-22 11:39 - 2016-01-22 11:45 - 00000000 ____D C:\AdwCleaner
2016-01-21 12:31 - 2016-01-27 14:11 - 00000000 ____D C:\FRST
2016-01-21 12:30 - 2016-01-21 10:38 - 02370560 _____ (Farbar) C:\Users\Ron Lopez\Desktop\FRST64.exe
2016-01-20 17:05 - 2016-01-20 17:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-20 17:05 - 2016-01-20 17:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Citrix
2016-01-20 16:49 - 2016-01-22 15:47 - 00488426 _____ C:\WINDOWS\ntbtlog.txt
2016-01-20 15:48 - 2016-01-20 15:48 - 00000036 _____ C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2016-01-20 15:48 - 2016-01-20 15:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-20 15:48 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-01-20 15:41 - 2016-01-21 10:57 - 00000000 ____D C:\Program Files\COMODO
2016-01-20 15:41 - 2016-01-20 15:42 - 00000000 ____D C:\ProgramData\COMODO
2016-01-20 15:36 - 2016-01-20 15:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-01-20 15:33 - 2016-01-20 15:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:31 - 2016-01-20 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-01-20 05:35 - 2016-01-20 15:30 - 00000000 ___RD C:\Users\Ron Lopez\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
2016-01-16 20:21 - 2016-01-16 20:21 - 00115424 ____T C:\Users\Ron Lopez\Desktop\House rental search expenses visa.pdf
2016-01-13 23:13 - 2016-01-13 23:15 - 00034304 _____ C:\Users\Ron Lopez\Desktop\CEM-S Expense report Template.xls
2016-01-13 21:16 - 2016-01-13 21:16 - 08416278 _____ C:\Users\Ron Lopez\Desktop\R. Lopez lease 1.13.160001.pdf
2016-01-13 09:57 - 2016-01-13 09:58 - 00000000 ____D C:\Users\Ron Lopez\Documents\Safety At Work Videos
2016-01-12 15:00 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 15:00 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 14:59 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 14:59 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 14:59 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 14:59 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 14:59 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 14:59 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 14:59 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 14:59 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 14:59 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 14:59 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 09:17 - 2016-01-12 09:18 - 00000000 ____D C:\Users\Ron Lopez\Documents\CEM Solutions Trainning info
2016-01-11 14:34 - 2016-01-11 14:34 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-11 12:48 - 2016-01-11 12:48 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinBatch
2016-01-11 12:25 - 2016-01-11 12:25 - 00280316 _____ C:\WINDOWS\Minidump\011116-38187-01.dmp
2016-01-10 13:57 - 2016-01-10 13:57 - 00653083 _____ C:\Users\Ron Lopez\Downloads\i-130.pdf
2016-01-10 10:37 - 2016-01-10 16:15 - 00000000 ____D C:\Users\Ron Lopez\Downloads\US Travel History 2012 to 2016
2016-01-09 14:35 - 2016-01-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-09 10:16 - 2016-01-09 10:17 - 00000000 ____D C:\Users\Ron Lopez\Documents\Casio Pathfinder
2016-01-09 10:15 - 2016-01-09 10:15 - 00048017 _____ C:\Users\Ron Lopez\Desktop\Honda US EPA & DOT Complience Letter.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 13:57 - 2015-06-19 22:59 - 00000000 ____D C:\ProgramData\MFAData
2016-01-27 13:37 - 2012-09-27 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-27 13:21 - 2015-11-29 21:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
2016-01-27 13:19 - 2015-12-10 01:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-27 13:19 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-27 06:50 - 2012-09-08 21:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 06:42 - 2015-11-29 21:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-01-27 06:31 - 2012-09-08 21:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 06:30 - 2015-12-10 02:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-27 06:30 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-27 06:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-27 06:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-24 23:32 - 2015-07-31 22:58 - 00000000 ___RD C:\Users\Ron Lopez\OneDrive
2016-01-24 23:24 - 2015-11-29 01:24 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job
2016-01-24 23:18 - 2012-09-12 12:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
2016-01-24 21:56 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
2016-01-24 14:38 - 2015-11-29 18:30 - 00000000 ____D C:\Users\Ron Lopez\Downloads\HP Downloads
2016-01-24 14:24 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-22 20:36 - 2012-12-02 23:15 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\ElevatedDiagnostics
2016-01-22 17:18 - 2015-06-24 21:27 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Avg
2016-01-22 16:05 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-22 16:05 - 2015-06-19 23:06 - 00000000 ___HD C:\$AVG
2016-01-22 15:08 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-22 13:15 - 2015-02-03 21:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
2016-01-22 13:12 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-22 11:25 - 2015-05-31 17:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\LocalLow\Temp
2016-01-22 11:25 - 2015-05-02 16:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-01-22 11:25 - 2015-04-25 21:41 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\IDM
2016-01-22 11:25 - 2013-03-31 23:52 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-22 11:25 - 2013-03-31 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-22 11:13 - 2012-10-27 15:09 - 00000000 ____D C:\Program Files (x86)\A1Click Ultra PC Cleaner
2016-01-20 16:36 - 2015-11-29 21:05 - 00002264 _____ C:\Users\Ron Lopez\Desktop\HP Photo Creations.lnk
2016-01-20 15:58 - 2012-10-26 22:55 - 00000000 ____D C:\ProgramData\TEMP
2016-01-20 15:47 - 2015-07-31 22:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-20 15:38 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
2016-01-20 15:33 - 2015-07-31 22:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
2016-01-20 15:12 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Compressed
2016-01-20 05:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-14 21:22 - 2012-09-08 22:12 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Skype
2016-01-13 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 10:47 - 2015-11-07 21:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 10:47 - 2014-12-23 20:07 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 10:43 - 2011-04-25 14:54 - 00000000 ____D C:\Users\Ron Lopez\Documents\2011 Mortgage Renewal Forms
2016-01-13 10:41 - 2012-11-19 01:11 - 00000000 ___RD C:\Users\Ron Lopez\Documents\Documents (3)
2016-01-13 10:41 - 2012-11-19 01:08 - 00000000 ___RD C:\Users\Ron Lopez\Documents\My Documents1
2016-01-13 10:19 - 2015-05-24 16:53 - 00000000 ____D C:\Users\Ron Lopez\Documents\Cell Phone info
2016-01-13 09:47 - 2013-11-02 18:29 - 00000000 ____D C:\Users\Ron Lopez\Documents\2013 Callsellect
2016-01-12 16:47 - 2013-08-17 07:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 16:42 - 2012-09-27 20:30 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-11 19:02 - 2015-09-06 16:24 - 00000000 ____D C:\Users\Ron Lopez\Documents\Bills 2015
2016-01-11 14:34 - 2015-12-10 01:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-11 12:49 - 2012-05-08 14:10 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-01-11 12:30 - 2015-12-10 01:53 - 00000000 ____D C:\Users\Ron Lopez
2016-01-11 12:25 - 2015-12-23 22:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-11 12:24 - 2015-07-19 21:53 - 648511574 _____ C:\WINDOWS\MEMORY.DMP
2016-01-10 11:54 - 2013-03-31 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-10 09:38 - 2014-08-23 18:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Adobe
2016-01-10 09:37 - 2012-09-27 19:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-09 14:35 - 2015-03-08 17:35 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Skype
2016-01-09 14:35 - 2015-03-08 17:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-09 14:35 - 2012-05-08 14:40 - 00000000 ____D C:\ProgramData\Skype
2016-01-06 22:02 - 2015-11-24 20:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-01-20 15:48 - 2016-01-20 15:48 - 0000036 _____ () C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2012-09-27 19:10 - 2015-12-15 13:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-22 11:43

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Ron Lopez (2016-01-27 14:12:45)
Running from C:\Users\Ron Lopez\Desktop
Windows 10 Home (X64) (2015-12-10 07:22:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-714211835-398583104-3702693888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-714211835-398583104-3702693888-503 - Limited - Disabled)
Guest (S-1-5-21-714211835-398583104-3702693888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-714211835-398583104-3702693888-1004 - Limited - Enabled)
Ron Lopez (S-1-5-21-714211835-398583104-3702693888-1000 - Administrator - Enabled) => C:\Users\Ron Lopez

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version:  - Dell, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)
Zap Care Pro (HKLM-x32\...\{F96D3483-1580-480A-A04B-C659D7F180EF}) (Version: 2.9.5 - Arieana LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {082D8856-33F2-4943-AC63-0576E60DD020} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {18BE8D1D-5327-4F91-B16B-271D354CA5D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1C91856B-30AB-4F1D-B55D-B31CD295D4A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {289164AB-EB0B-41F5-B06D-3684ACC50F20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-10] (Adobe Systems Incorporated)
Task: {38295757-5846-423E-BB17-4B2232DAFBB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3F3876F3-66AC-45AD-9312-F622FFADC767} - System32\Tasks\{35B5F52C-26ED-4E2C-8E60-F7C411993AC9} => pcalua.exe -a "C:\Users\Ron Lopez\Downloads\Programs\windirstat1_1_2_setup.exe" -d "C:\Users\Ron Lopez\Downloads\Programs"
Task: {60509D4F-B370-4131-AB56-09CE3B3C5509} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {6CDC4299-555F-4F68-8E0B-FD255842455C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-11-29] ()
Task: {756C00FF-3769-4D72-B405-6779A7A58354} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {9112876E-824C-47AC-930F-CBE603E967C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {A041F8B5-1969-4F30-A4F3-74BC2A6529C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A1BCBA8C-711A-42DD-899E-F33BCE63D3FC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B1EBF3A1-A27B-466C-8B89-5CF636D3119F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C6B8C798-BDB7-48F5-A9E7-7C9862D936DA} - System32\Tasks\HPCeeScheduleForRon Lopez => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: {CC9CEDFA-E891-45B5-943F-67899450D800} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E33B7302-9B6B-480D-ABD4-892445DA1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-05-09 19:04 - 2009-04-17 11:17 - 00045568 _____ () C:\WINDOWS\System32\DLDFPMON.DLL
2014-05-09 19:04 - 2007-05-04 03:23 - 00049152 _____ () C:\WINDOWS\System32\DLDFOEM.DLL
2014-05-09 19:04 - 2009-04-17 11:15 - 00081408 _____ () C:\Program Files (x86)\Dell AIO Printer 948\ipcmt64.dll
2014-05-09 19:05 - 2007-05-03 00:43 - 00138240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dldfdrpp.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 11:36 - 2016-01-22 11:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 19:17 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 19:17 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:00 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 14:59 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 14:59 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2014-05-09 19:04 - 2009-04-27 15:30 - 00410280 _____ () C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
2016-01-22 11:36 - 2016-01-22 11:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 11:36 - 2016-01-22 11:36 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-05-09 19:04 - 2007-04-09 10:16 - 00147456 _____ () C:\Program Files (x86)\Dell AIO Printer 948\DLDFptp.dll
2016-01-22 16:03 - 2016-01-22 16:02 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-02 16:56 - 2015-05-03 14:23 - 00001468 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   skip
127.0.0.1                   onhax.net
127.0.0.1                   www.onhax.net
127.0.0.1                   forum.onhax.net
127.0.0.1                   https://forum.onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   do2dear.net
127.0.0.1                   p30world.com
127.0.0.1                   brarstuff.com
127.0.0.1                   rsload.net
127.0.0.1                   unicrack.com
127.0.0.1                   keyscity.net
127.0.0.1                   idm-crack-patch.blogspot.in
127.0.0.1                   parth8641.blogspot.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-714211835-398583104-3702693888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.255.108.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dldfCATSCustConnectService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A2B08CE2-4B5E-4732-8110-39120F9EB519}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{267ECF6F-D4A5-4DA8-9BDF-ECFF29DC473E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{168E9FA8-3A69-4FBA-8021-F21C03279449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D0D2F209-C094-45FA-8208-7BB9E1D97A33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5CF38611-E7DE-4FCA-9EB0-D9B387DD324F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4044ED16-0936-4E16-92E6-980E628964B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{664F206A-0242-4B92-BE4C-E09F5E6B19C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3B0F062D-F234-4BAD-82FE-B7DEFDA923FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{016FF8A2-0AFE-4993-B947-FDB275E05379}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B4D5A6F7-2DB9-4958-B5CB-EC68A7BD1747}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9D4EEF51-589E-4E25-BF75-C2590A8B524B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8FEBEE5D-2FC0-4EA9-90A6-D3FB8EB1275D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C6C3B690-6F32-4B60-A1C9-0F17E49E7A7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B2529BEF-E237-4DE7-BDAA-E5CAF121BC4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6EE0D823-067A-4B63-A3F3-458D60D63105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{96E12954-8804-4C72-B91D-041929778827}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38EBBD24-8A79-43C4-BE48-288F8BBE247E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9C6566EF-1B73-4493-9046-BA74047A9BEF}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS0B8C\setup\hpznui40.exe
FirewallRules: [{BDB8CD46-ACB9-42FF-904C-569AE0A23B31}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS70F6\HPDiagnosticCoreUI.exe
FirewallRules: [{E5DC79A0-C805-46B9-9540-850B466F482F}] => (Allow) C:\Users\Ron Lopez\AppData\Local\Temp\7zS70F6\HPDiagnosticCoreUI.exe
FirewallRules: [{A574BCF0-6CBD-4B96-AA83-4751A31F0ADA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31FA03FA-7878-44C1-9D9B-24CF61173063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5504428-2C4A-46F6-9B95-5293C24967BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2BDD3AEA-B1EB-4B26-BD27-418D80BD187D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E72577AB-FDAE-4238-84CF-619D9A443A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB7B64F-ECAC-4B63-A286-9D0A6548A232}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01404980-DAEE-40E0-A6CB-706391A9FE46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5E6106CE-0498-4F85-B8A5-E2DD36AEC3F4}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0C7A577A-0D86-4BB9-8B1E-66186175AE61}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{AE431B1C-0037-477A-AE97-6D46DA812D11}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{5916ED1F-D90C-4FE5-AC80-66313C52B522}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{6CB7D15F-37BC-4566-B677-71C7E26CBE5B}C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe] => (Block) C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe
FirewallRules: [UDP Query User{20ECB769-328B-4CD8-BC86-342120A4BD8A}C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe] => (Block) C:\program files (x86)\readon technology\readon tv movie radio player 7.6.0.0\internettv.exe
FirewallRules: [{03FED3EC-8073-4A1B-AC8F-DFF95D7C978D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AB878EC4-C257-4A3F-BFBE-D1DCF8F916D2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{F8182B73-3FA9-4231-8927-5E53B96D28F2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{0D757440-7EE9-42C0-95EC-45BC1FCE68B2}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{019FAEE0-E661-4B5D-A63A-536E355AC42D}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{3A638C66-6224-49D5-87AB-991B938A7FC6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{894C119B-D914-4D9C-A524-A5FEBBFBBB37}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{CF700503-C32C-4D57-97C6-46ED5C1538E8}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{740CA2CA-A367-4BCD-88CD-26138453F415}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{A05C5D85-F1FD-483D-A0A2-3D539C7C6225}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldfpswx.exe
FirewallRules: [{362E6EA6-00E3-4F52-A9DF-4D70DACD2D8B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldfpswx.exe
FirewallRules: [{F2D8E542-015B-45F5-B791-61431AFF8D56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{2C836EC4-B94A-4D12-BA3A-3A4D51D1CE51}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{F97C6AAD-921D-4A0C-9F39-03ACA3C0DFCB}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{57C6C3F3-4489-485B-8F85-B86E3F9444F6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{D54FD245-205A-4B12-BEB3-B0127BEEF7E6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [{93CA90CC-C4DD-4318-A5B9-4BF5EB38E42B}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [TCP Query User{6582934D-40C8-48AA-B4DB-34711760F6D2}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [UDP Query User{C93CB074-4AA8-45C0-9789-0839172FAFB3}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [{8A3C10C9-C97A-4E49-9070-983D9567FF45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{648B9738-3263-47E0-B329-004EB8BD7AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4804FBC5-4E22-4E74-9B0F-0156C94092F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2AB3EBBA-ADFA-4C72-B1E7-6918402F59A4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3CACF432-173C-42CE-81C3-8314280BE9B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5CD5ACC8-11A8-46E0-8490-F9664CA1F4F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{605A7806-16AD-47EF-9042-0ADEEA547903}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CFD84ACD-140A-4E99-8F1F-AD7CE214AA2B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{05850765-4695-4EFF-9045-48F446333050}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{61B7E7B0-4090-4186-B118-DA3562EEE447}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{63F77B3D-9B85-4B35-AC77-EF25BC219C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F7A2F823-B1EE-41DE-8CD6-C47DEDBCD226}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6DFEC436-FB5A-4896-BF7A-DCD15F4949CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5158E30A-F241-4A7D-B5B8-DED372D9D455}] => (Allow) C:\Users\Ron Lopez\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{BFC821D7-8920-4CCE-9FEF-6CB0E823BADB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8773627F-810A-4AA0-9CFA-A949EA52748F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{45C7B3A7-B213-42C8-B5DD-F3AFF9C9F2BE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{81E37DFC-2894-45DE-87AB-981C1D7CD3D9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D90CACAF-0874-475B-B43A-86BA437D5DF4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3AFD5F29-1B70-46C8-B787-F1829B9C4D31}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D2ED71D4-73D4-4E08-AE65-87702F43DEA9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BAA75F6A-A761-49CC-A636-7979B40431BF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

11-01-2016 12:23:35 Removed TOSHIBA eco Utility.
22-01-2016 12:00:36 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 600 M601
Description: HP LaserJet 600 M601
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 02:10:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 02:10:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 02:02:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:56:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:53:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:52:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:52:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:52:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:52:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/27/2016 01:51:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/27/2016 06:30:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (01/27/2016 06:30:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275

Error: (01/27/2016 06:29:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_55532 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 06:29:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_55532 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 06:29:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_55532 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 06:29:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_55532 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-27 13:19:18.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 13:19:18.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:29:15.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:29:15.602
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:16:31.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:16:31.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:14:40.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:14:40.487
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:14:40.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-27 06:14:40.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 32%
Total physical RAM: 6091.86 MB
Available physical RAM: 4128.37 MB
Total Virtual: 12235.86 MB
Available Virtual: 10275.46 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:682.23 GB) (Free:533.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 57F24026)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=789 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=17)

==================== End of Addition.txt ============================



#26
lopez66


RKinner, it looks like I messed up. I did not run the first part of the steps you sent me

OK.  I see the usual Win 10 errors.  Follow my instructions about turning off Net Framework 4.5 Advanced Services here:

http://www.geekstogo...e/#entry2548044

I did verify afterwards, and it was running.



#27
RKinner

    Malware Expert

Have you rebooted since then?

Run VEW again and let's see what it says.



#28
lopez66


RKinner, this is the VEW Log for the system.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 28/01/2016 8:34:12 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2016 1:14:30 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "RONLOPEZ-PC    :20" could not be registered on the interface with IP address 192.168.0.95. The computer with the IP address 192.168.0.136 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 28/01/2016 1:12:50 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "RONLOPEZ-PC    :20" could not be registered on the interface with IP address 192.168.0.95. The computer with the IP address 192.168.0.136 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 28/01/2016 1:12:50 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.95. The computer with the IP address 192.168.0.136 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 28/01/2016 1:12:50 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "RONLOPEZ-PC    :20" could not be registered on the interface with IP address 192.168.0.95. The computer with the IP address 192.168.0.136 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 28/01/2016 1:12:49 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Log: 'System' Date/Time: 28/01/2016 1:12:49 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Log: 'System' Date/Time: 28/01/2016 1:12:49 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 28/01/2016 1:12:48 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Log: 'System' Date/Time: 28/01/2016 1:12:47 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Log: 'System' Date/Time: 28/01/2016 1:12:42 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Log: 'System' Date/Time: 28/01/2016 1:12:37 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Log: 'System' Date/Time: 28/01/2016 4:15:33 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 28/01/2016 4:15:03 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 28/01/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_3f358b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/01/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_3f358b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/01/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_3f358b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/01/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_3f358b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 27/01/2016 9:18:13 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 27/01/2016 9:17:43 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 27/01/2016 9:17:10 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_3b293 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/01/2016 2:59:58 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win10.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 27/01/2016 7:44:30 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name star-mini.c10r.facebook.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 27/01/2016 7:40:37 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 27/01/2016 7:40:37 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 27/01/2016 7:40:37 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 27/01/2016 7:40:32 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 27/01/2016 6:52:02 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.lan timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 27/01/2016 11:31:06 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 27/01/2016 11:30:59 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 27/01/2016 11:30:58 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 27/01/2016 11:29:56 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)


Edited by lopez66, 28 January 2016 - 07:43 AM.

  • 0

#29
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

This is the Application VEW Log

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 28/01/2016 8:40:43 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2016 1:38:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:26:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:20:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:17:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:16:32 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:16:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:59 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:53 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:50 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:50 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:38 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:38 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:38 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:38 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:38 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:38 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:26 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:15:20 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 1:13:41 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 28/01/2016 4:11:39 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I have not yet had the chance to run the 3 hour internet scan tool, but I have the time to run it today if you would still like me to run that. Let me know. Thanks.
 


  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I think we had better wait on the scan.  I'm seeing this error:

 

Log: 'System' Date/Time: 27/01/2016 7:40:37 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 

 

 

This is usually a sign of overheating.  

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.
 
Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 

  • 0
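The triage done by eye on the VEW reports above (picking the Event 37 warnings out from among repeated NetBT and Service Control Manager errors) can be scripted. This is an added example, not part of the original posts or of VEW itself; the function names and the shortened sample records are constructed for illustration, and the record layout is assumed from the logs pasted in this thread.

```python
import re
from datetime import datetime

# Constructed sample in the VEW layout pasted in this thread (messages shortened).
SAMPLE = """\
Log: 'System' Date/Time: 28/01/2016 1:12:49 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.

Log: 'System' Date/Time: 28/01/2016 1:12:49 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Log: 'System' Date/Time: 27/01/2016 7:40:37 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware.

Log: 'System' Date/Time: 27/01/2016 7:40:32 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware.
"""

RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: (?P<cat>\d+)[ \t]*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+?)[ \t]*\n"
    r"(?P<msg>[^\n]*)",
    re.MULTILINE,
)

def parse_vew(text):
    """Yield one dict per record; VEW states its dates are dd/mm/yyyy."""
    for m in RECORD.finditer(text):
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec.pop("ts"), "%d/%m/%Y %I:%M:%S %p")
        rec["event"] = int(rec["event"])
        yield rec

def summarize(text):
    """Group by (source, event id): severity, count, first/last time, sample message."""
    groups = {}
    for rec in parse_vew(text):
        g = groups.setdefault((rec["source"], rec["event"]), {
            "type": rec["type"], "count": 0, "sample": rec["msg"],
            "first": rec["when"], "last": rec["when"]})
        g["count"] += 1
        g["first"] = min(g["first"], rec["when"])
        g["last"] = max(g["last"], rec["when"])
    return groups

def firmware_throttled_cpus(text):
    """Processor numbers named in Kernel-Processor-Power event 37 warnings."""
    hits = (re.search(r"processor (\d+) in group", r["msg"]) for r in parse_vew(text)
            if r["event"] == 37 and r["source"].endswith("Kernel-Processor-Power"))
    return sorted({int(m.group(1)) for m in hits if m})

if __name__ == "__main__":
    for (src, eid), g in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:3d}x {g['type']:<7} {eid:<5} {src} ({g['first']} .. {g['last']})")
    print("firmware-limited CPUs:", firmware_throttled_cpus(SAMPLE))
```

Passing a full pasted VEW report to `summarize()` shows which sources dominate the log before any individual entry is read.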





