Here is what the Speccy program found RKinner.
RONLOPEZ-PC.txt 92.64KB
351 downloads
Got a virus infection that crowded my computer screen
Started by
lopez66
, Jan 21 2016 11:49 AM
#32
Posted 28 January 2016 - 11:30 AM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
The Second program gave me the following Log, though it didn't give it the name you mentioned on your post, I am running Wind 10, may that is why the name is different or I didn't run the program as you requested (didn't take the check marks already there). any way the following is what I got.
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.90 0 K 4 K 0
procexp64.exe 4.02 25,332 K 59,928 K 5300 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 1.78 29,696 K 42,272 K 1368 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 1.26 5,904 K 19,040 K 3036 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
Interrupts 1.04 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.48 2,104 K 6,972 K 464 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
firefox.exe 0.48 356,048 K 363,416 K 5208 Firefox Mozilla Corporation (Verified) Mozilla Corporation
System 0.39 816 K 30,316 K 4
svchost.exe 0.28 16,428 K 27,220 K 1668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ipoint.exe 0.15 4,696 K 3,120 K 4592 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
explorer.exe 0.06 42,820 K 111,092 K 3632 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 65,068 K 79,748 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 6,480 K 19,240 K 1200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 7,032 K 17,324 K 1880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 2,472 K 9,328 K 3436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 4,456 K 10,908 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
avgwdsvcx.exe 0.01 14,480 K 32,144 K 2316 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe 0.01 6,848 K 17,448 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dllhost.exe 0.01 1,712 K 9,608 K 6476 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
NetworkUXBroker.exe 0.01 4,380 K 16,864 K 6560 Network UX Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 15,716 K 26,944 K 1648 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
avgidsagent.exe < 0.01 13,720 K 28,476 K 2364 AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe < 0.01 19,452 K 46,132 K 1384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe < 0.01 10,740 K 17,288 K 4828 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
avgui.exe < 0.01 7,388 K 12,164 K 6668 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgsvca.exe < 0.01 6,428 K 20,288 K 2348 AVG Service Process AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgrsa.exe < 0.01 16,560 K 27,628 K 488 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
WmiPrvSE.exe 8,376 K 20,576 K 4020 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,124 K 7,568 K 2956 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,644 K 9,100 K 1040 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 924 K 4,712 K 476 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
TPwrMain.exe 2,548 K 8,932 K 4028 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosReelTimeMonitor.exe 22,856 K 26,504 K 6220 Monitor of TOSHIBA ReelTime TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosNcCore.exe 2,132 K 9,056 K 6176 Message Center TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TCrdMain.exe 5,744 K 19,108 K 3236 TOSHIBA Flash Cards Main Module TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskhostw.exe 9,368 K 18,820 K 2304 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettingsBroker.exe 3,652 K 17,452 K 6376 System Settings Broker Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 956 K 3,872 K 5044 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 912 K 4,136 K 2548 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 5,688 K 19,296 K 2616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,956 K 9,172 K 7804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,016 K 10,484 K 2556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,892 K 20,016 K 2324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,772 K 9,964 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,244 K 25,556 K 7212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,176 K 10,288 K 1492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,656 K 9,912 K 2416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,060 K 8,404 K 2596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 8,504 K 18,684 K 1732 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 23,076 K 24,036 K 3348 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
SMSvcHost.exe 20,860 K 15,844 K 4692 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 356 K 1,176 K 400 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 4,096 K 19,056 K 3908 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 38,032 K 72,108 K 5552 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,056 K 7,404 K 1076 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 45,976 K 92,260 K 5780 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 22,848 K 25,676 K 1120 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,092 K 24,588 K 3308 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,832 K 9,384 K 1800 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mqsvc.exe 4,220 K 12,324 K 2588 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
memcard.exe 2,588 K 9,100 K 6260 Memory Card Manager Executable (Verified) Lexmark International
lsass.exe 5,184 K 13,904 K 1108 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
itype.exe 4,880 K 3,072 K 1804 IType.exe Microsoft Corporation (Verified) Microsoft Corporation
igfxtray.exe 1,716 K 8,200 K 5204 igfxTray Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxpers.exe 1,988 K 8,936 K 4364 persistence Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxext.exe 1,412 K 6,708 K 6036 igfxext Module Intel Corporation (Verified) Intel Corporation - pGFX
hpwuschd2.exe 1,236 K 5,344 K 6568 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hkcmd.exe 1,740 K 8,188 K 5416 hkcmd Module Intel Corporation (Verified) Intel Corporation - pGFX
fontdrvhost.exe 844 K 2,740 K 6852 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dldfmon.exe 2,600 K 7,808 K 6236 Printer Device Monitor (Verified) Lexmark International
dasHost.exe 932 K 5,152 K 2528 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 1,424 K 676 K 6908 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,452 K 4,028 K 368 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
BingSvc.exe 1,264 K 5,328 K 6404 Microsoft Bing Service © 2015 Microsoft Corporation (Verified) Microsoft Corporation
avguix.exe 11,004 K 6,696 K 6608 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgnsa.exe 7,300 K 17,104 K 4064 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgemca.exe 2,412 K 9,996 K 4084 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgcsrva.exe 26,344 K 179,764 K 592 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
armsvc.exe 1,148 K 5,692 K 2308 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ApplicationFrameHost.exe 4,256 K 19,388 K 7404 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
#33
Posted 28 January 2016 - 12:11 PM
RKinner
-
- Expert
-
- 24,623 posts
Malware Expert
OK. Speccy says it's not overheating and process explorer says it's not being overworked. Seems to be intel's Speedstep technology. Apparently it slows the processor down when it gets bored. Supposedly this saves power.
https://communities....tart=0&tstart=0
I think you can turn it off in the BIOS if you mostly operate with it plugged in to the wall outlet or just ignore it.
Speccy also says your hard drive is in good shape. and there is nothing connecting to the Internet that shouldn't be.
We have three alarms that say the clock is not able to check the time.
See if you can change it to use time.nist.gov it seems more reliable than the default (
http://www.tenforums...ndows-10-a.html
This alarm:
Log: 'System' Date/Time: 28/01/2016 1:12:48 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
Do you have a second PC with the same name on your network? You can also get this if your WiFi is on at the same time that you are plugged in the the Ethernet.
Log: 'Application' Date/Time: 28/01/2016 1:38:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.
I think this applies here even tho it says for Win 8
https://support.micr...n-us/kb/3064045
Note the typo. It should say
Select and copy all of the files and folders in this folder, except for the following files:
- NtUser.dat
- NtUser.ini
- NtUser.log (or if it does not exist, instead exclude the two log files called ntuser.dat.log1 and ntuser.dat.log2)
Finally
Log: 'System' Date/Time: 27/01/2016 9:18:13 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
I would download a new copy of AVG, uninstall AVG then reboot and install the new copy (right click and Run As Admin)
That should clear most of the alarms which are causing it to be slow booting.
#34
Posted 28 January 2016 - 12:18 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
yes, I have another lap top connected to the net and sadly my employer named the same as my personal lap top. my work comp is running Wind 7, though.
#35
Posted 28 January 2016 - 12:31 PM
RKinner
-
- Expert
-
- 24,623 posts
Malware Expert
You can just turn off netBT. These instructions are for Win 8 but it should be the same in 10.
http://surrealparadigm.com/?p=283
That will stop the errors and save a few CPU cycles.
#36
Posted 28 January 2016 - 04:36 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
I was able to change the time as per the instructions, but I cannot change the account and I was not able to find the C:/users/old_filenames in the system nor see any activity after I clicked to see the hiden files and folders
#38
Posted 03 February 2016 - 02:08 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
I am sorry RKinner I Been working away from home and unable to get internet access. The computer is been acting weird, whenever I want to open a picture, a document it telling me that I don't have permission to open the app. I was just checking to see if the warning would come out again, but it didn't do it now. Also, when I connet my phone to the computer it would not open right away and some times when it opens the display with the information will flicker as if it wants to close it and open it again.
Right now, to get back to the display with the internet it took about three tries.
I will try the second method above to see if I can access. by the way, I installed Malware-bites Anti malware and run the free home edition. I will also uninstall the AVG as you requested. Thanks for your help and patience.
Edited by lopez66, 03 February 2016 - 02:14 PM.
#39
Posted 11 February 2016 - 03:35 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
Hello RKinner,
I hope you have not give up on me. I been trying to follow the last request you posted, about doing a second account, and I was able to log in with an administrator account, but I could not find how to change it to a different profile, then I thought about opening a browser to read if there was any other information I had missed, but I could not open Microsoft Edge, and the other choice was Chrome. I opened Chrome and I thinks there may still be a virus in my computer. A warning came out on the browser and another one across the screen, that would popped back up when ever I closed it.
as per attached picture.
What should I do now, please I need your help cleaning my laptop.
Attached Thumbnails
#40
Posted 11 February 2016 - 03:48 PM
RKinner
-
- Expert
-
- 24,623 posts
Malware Expert
OK. Looks like you still have something. Using your new admin login:
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Junkware-Removal-Tool
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
- Pause your anti-virus. Close all browsers.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
#41
Posted 11 February 2016 - 04:21 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
RKinner, here is the log generated by the AdwCleaner, though it did not showed any files to check our uncheck, I still clicked the clean button.
# AdwCleaner v5.030 - Logfile created 22/01/2016 at 11:45:31
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Ron Lopez - RONLOPEZ-PC
# Running from : C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\app_setup
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\Program Files (x86)\ExploreTech
[-] Folder Deleted : C:\Program Files (x86)\PRiceLess
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\WhiteListing
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\Delta
[-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\HPAppData
***** [ Files ] *****
[-] File Deleted : C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File Deleted : C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\searchplugins\smod.xml
[-] File Deleted : C:\Users\Ron Lopez\Desktop\Continue installation .lnk
[-] File Deleted : C:\WINDOWS\Reimage.ini
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKCU\Software\5948cd0e63fee12
[-] Key Deleted : HKLM\SOFTWARE\5948cd0e63fee12
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\Microsoft\Babylon
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]
***** [ Web browsers ] *****
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : norton-internet-security.softonic.com
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7925 bytes] ##########
# AdwCleaner v5.033 - Logfile created 11/02/2016 at 17:12:59
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Administrator - RONLOPEZ-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\{b572d29d-a010-7d5a-b572-2d29da014a76}
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
***** [ Web browsers ] *****
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8995 bytes] ##########
#42
Posted 11 February 2016 - 04:34 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
this id the log I got after running the JRT tool, RKinner. I'll run the last FRST tool next, thanks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Administrator (Administrator) on Thu 02/11/2016 at 17:24:28.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/11/2016 at 17:29:06.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#43
Posted 11 February 2016 - 04:44 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
RKinner, the FRST tool gaive me the two logs the first one that opened was the FRST and the other one is the addition, as you mentioned, both are under, thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Administrator (administrator) on RONLOPEZ-PC (11-02-2016 17:35:37)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Ron Lopez & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{5b419b50-bd46-404a-9921-a6a648aa8844}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sb6gmjy6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-11]
CHR Extension: (Skype) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-11]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-11 17:35 - 2016-02-11 17:36 - 00014148 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-02-11 17:34 - 2016-02-11 17:34 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-02-11 17:29 - 2016-02-11 17:29 - 00000563 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-02-11 17:22 - 2016-02-11 17:24 - 01609032 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2016-02-11 17:16 - 2016-02-11 17:16 - 00001718 _____ C:\Users\Administrator\Desktop\Mozilla Firefox.lnk
2016-02-11 17:08 - 2016-02-11 17:09 - 01508352 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2016-02-11 17:06 - 2016-02-11 17:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-02-11 17:06 - 2016-02-11 17:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2016-02-11 17:03 - 2016-02-11 17:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-02-11 17:03 - 2016-02-11 17:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-02-11 16:32 - 2016-02-11 16:33 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-02-11 14:06 - 2016-02-11 14:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\NetworkTiles
2016-02-11 12:46 - 2016-02-11 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Toshiba
2016-02-11 12:45 - 2016-02-11 12:45 - 00002436 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-11 12:45 - 2016-02-11 12:45 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-02-11 12:44 - 2016-02-11 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\TOSHIBA
2016-02-11 12:44 - 2016-02-11 12:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-02-11 12:44 - 2016-02-11 12:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\948 Series
2016-02-11 12:43 - 2016-02-11 12:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync
2016-02-11 12:42 - 2016-02-11 12:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-02-11 12:41 - 2016-02-11 16:12 - 00002339 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2016-02-11 12:41 - 2016-02-11 13:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-02-11 12:41 - 2016-02-11 12:45 - 00000000 ____D C:\Users\Administrator
2016-02-11 12:41 - 2016-02-11 12:41 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-02-11 12:41 - 2015-12-10 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-02-11 12:41 - 2015-12-10 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HPActiveHealth
2016-02-11 12:41 - 2015-12-10 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-02-08 21:08 - 2016-02-08 21:08 - 00000000 ____D C:\Users\Ron Lopez\Desktop\The Perswonal Insur
2016-02-01 00:26 - 2016-02-01 01:04 - 00000000 ____D C:\Users\Ron Lopez\Desktop\S IV music
2016-01-31 23:07 - 2016-02-08 21:22 - 00000000 ____D C:\Users\Ron Lopez\Desktop\CEM Sol Per diems
2016-01-28 23:48 - 2016-01-28 23:48 - 00115584 ____T C:\Users\Ron Lopez\Desktop\Visa Cell Charges.pdf
2016-01-28 23:46 - 2016-01-28 23:46 - 00116359 ____T C:\Users\Ron Lopez\Desktop\Cell phone charges.pdf
2016-01-28 23:45 - 2016-01-28 23:45 - 00008764 _____ C:\Users\Ron Lopez\Downloads\trans1454524270705.qfx
2016-01-28 22:18 - 2016-02-08 20:09 - 00000000 ____D C:\Users\Ron Lopez\Documents\CCleaner registry backup
2016-01-28 12:19 - 2016-01-28 12:19 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-01-28 12:04 - 2016-01-28 12:04 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-28 12:04 - 2016-01-28 12:04 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-28 12:04 - 2016-01-28 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-28 12:04 - 2016-01-28 12:04 - 00000000 ____D C:\Program Files\CCleaner
2016-01-28 09:22 - 2016-01-28 09:22 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-28 09:22 - 2016-01-28 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-28 09:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-28 09:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-28 09:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-28 09:21 - 2016-01-28 09:21 - 22908888 _____ (Malwarebytes ) C:\Users\Ron Lopez\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-28 08:24 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 08:24 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 08:24 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 08:24 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 08:24 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 08:24 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 08:24 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 08:24 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 08:24 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 08:24 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 08:24 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 08:24 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 08:24 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 08:24 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 08:24 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 08:24 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 08:24 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 08:24 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 08:24 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 08:24 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 08:24 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 08:24 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 08:24 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 08:24 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 08:24 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 08:24 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 08:24 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 08:24 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 08:24 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 08:24 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 08:24 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 08:24 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 08:24 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 08:24 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 08:24 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 08:24 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 08:24 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 08:24 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 08:24 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 08:24 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 08:24 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 08:24 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 08:24 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 08:24 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 08:24 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 08:24 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 08:24 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 08:24 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 08:24 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 08:24 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 08:24 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 08:24 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 08:24 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 08:24 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 08:24 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 08:24 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 08:24 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 08:24 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 08:24 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 08:24 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 08:24 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 08:24 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 08:24 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 08:24 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 08:24 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 08:24 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 08:24 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 08:24 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 08:24 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 08:24 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 08:24 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 08:24 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 08:24 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 08:24 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 08:24 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 08:24 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 08:23 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 08:23 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 08:23 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 08:23 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 08:23 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 08:23 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 08:23 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 08:23 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 08:23 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 08:23 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 08:23 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 08:23 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 08:23 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 08:23 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 08:23 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 08:23 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 08:23 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 08:23 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 08:23 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 08:23 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 08:23 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 08:23 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 08:23 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 08:23 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 08:23 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 08:23 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 08:23 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 08:23 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 08:23 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 08:23 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 08:23 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 08:23 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 08:23 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 08:23 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 08:23 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 08:23 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 08:23 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 08:23 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 08:23 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 08:23 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 08:23 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 08:23 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 08:23 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 08:23 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 08:23 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 08:23 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 08:23 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 08:23 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-24 21:50 - 2016-01-24 21:50 - 00070144 _____ C:\Users\Ron Lopez\Desktop\Interview-home scouting expense.xls
2016-01-24 20:17 - 2016-01-29 01:59 - 00000000 ____D C:\Users\Ron Lopez\Desktop\Virus removal tools & logs
2016-01-22 16:05 - 2016-01-22 16:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\AVG
2016-01-22 16:03 - 2016-02-08 21:40 - 00000000 ____D C:\ProgramData\Avg
2016-01-22 16:02 - 2016-02-08 21:39 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\AvgSetupLog
2016-01-22 16:01 - 2016-01-22 16:02 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ron Lopez\Downloads\AVG_Protection_Free_698.exe
2016-01-22 11:39 - 2016-02-11 17:09 - 00000000 ____D C:\AdwCleaner
2016-01-21 12:31 - 2016-02-11 17:35 - 00000000 ____D C:\FRST
2016-01-20 17:05 - 2016-01-20 17:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-20 17:05 - 2016-01-20 17:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Citrix
2016-01-20 15:48 - 2016-01-20 15:48 - 00000036 _____ C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2016-01-20 15:48 - 2016-01-20 15:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-20 15:48 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-01-20 15:41 - 2016-01-21 10:57 - 00000000 ____D C:\Program Files\COMODO
2016-01-20 15:41 - 2016-01-20 15:42 - 00000000 ____D C:\ProgramData\COMODO
2016-01-20 15:36 - 2016-01-20 15:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-01-20 15:33 - 2016-01-20 15:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:31 - 2016-01-20 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-01-20 05:35 - 2016-01-27 22:35 - 00000000 ___RD C:\Users\Ron Lopez\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
2016-01-16 20:21 - 2016-01-16 20:21 - 00115424 ____T C:\Users\Ron Lopez\Desktop\House rental search expenses visa.pdf
2016-01-13 23:13 - 2016-01-13 23:15 - 00034304 _____ C:\Users\Ron Lopez\Desktop\CEM-S Expense report Template.xls
2016-01-13 21:16 - 2016-01-13 21:16 - 08416278 _____ C:\Users\Ron Lopez\Desktop\R. Lopez lease 1.13.160001.pdf
2016-01-13 09:57 - 2016-01-13 09:58 - 00000000 ____D C:\Users\Ron Lopez\Documents\Safety At Work Videos
2016-01-12 14:59 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 14:59 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 14:59 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 14:59 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 14:59 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 14:59 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 14:59 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 14:59 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 14:59 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 09:17 - 2016-01-12 09:18 - 00000000 ____D C:\Users\Ron Lopez\Documents\CEM Solutions Trainning info
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-11 17:32 - 2015-02-03 21:07 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job
2016-02-11 17:15 - 2012-09-08 21:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-11 17:14 - 2015-12-10 02:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-11 17:13 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-11 17:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-11 17:05 - 2015-12-10 01:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-11 17:05 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-11 16:56 - 2012-09-08 21:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-11 16:42 - 2015-11-29 21:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-02-11 16:37 - 2012-09-27 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-11 16:26 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-11 12:58 - 2013-03-31 23:38 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-11 12:50 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-11 12:42 - 2015-07-31 22:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 12:10 - 2015-11-29 21:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
2016-02-10 23:43 - 2012-09-12 12:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
2016-02-10 23:42 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
2016-02-09 16:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-08 20:07 - 2012-12-02 23:15 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\ElevatedDiagnostics
2016-02-08 11:13 - 2015-12-10 01:53 - 00000000 ____D C:\Users\Ron Lopez
2016-02-06 00:32 - 2015-02-03 21:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
2016-02-01 01:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-29 22:20 - 2015-12-10 01:45 - 00347432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-29 01:33 - 2015-06-24 21:27 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Avg
2016-01-29 01:33 - 2015-06-19 22:59 - 00000000 ____D C:\ProgramData\MFAData
2016-01-29 01:30 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-29 00:27 - 2015-02-03 21:07 - 00004074 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA
2016-01-29 00:27 - 2015-02-03 21:07 - 00003698 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core
2016-01-28 23:51 - 2012-09-08 21:38 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-28 23:51 - 2012-09-08 21:38 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-28 23:46 - 2015-05-31 17:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\LocalLow\Temp
2016-01-28 22:15 - 2015-12-23 22:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-28 22:15 - 2015-12-10 02:44 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-28 22:15 - 2015-04-25 21:41 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\IDM
2016-01-28 22:15 - 2012-10-22 21:01 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\CrashDumps
2016-01-28 11:51 - 2015-07-31 22:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 09:26 - 2014-05-30 23:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-28 09:22 - 2014-05-30 23:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-28 08:57 - 2012-05-08 14:10 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-01-28 08:57 - 2011-04-08 06:05 - 00000000 ____D C:\Program Files\Toshiba
2016-01-27 22:16 - 2012-10-26 22:55 - 00000000 ____D C:\ProgramData\TEMP
2016-01-24 23:32 - 2015-07-31 22:58 - 00000000 ___RD C:\Users\Ron Lopez\OneDrive
2016-01-24 14:38 - 2015-11-29 18:30 - 00000000 ____D C:\Users\Ron Lopez\Downloads\HP Downloads
2016-01-24 14:24 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-22 11:25 - 2015-05-02 16:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-01-22 11:25 - 2013-03-31 23:52 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-22 11:13 - 2012-10-27 15:09 - 00000000 ____D C:\Program Files (x86)\A1Click Ultra PC Cleaner
2016-01-20 16:36 - 2015-11-29 21:05 - 00002264 _____ C:\Users\Ron Lopez\Desktop\HP Photo Creations.lnk
2016-01-20 15:38 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
2016-01-14 21:22 - 2012-09-08 22:12 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Skype
2016-01-13 10:47 - 2015-11-07 21:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 10:47 - 2014-12-23 20:07 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 10:43 - 2011-04-25 14:54 - 00000000 ____D C:\Users\Ron Lopez\Documents\2011 Mortgage Renewal Forms
2016-01-13 10:41 - 2012-11-19 01:11 - 00000000 ___RD C:\Users\Ron Lopez\Documents\Documents (3)
2016-01-13 10:41 - 2012-11-19 01:08 - 00000000 ___RD C:\Users\Ron Lopez\Documents\My Documents1
2016-01-13 10:19 - 2015-05-24 16:53 - 00000000 ____D C:\Users\Ron Lopez\Documents\Cell Phone info
2016-01-13 09:47 - 2013-11-02 18:29 - 00000000 ____D C:\Users\Ron Lopez\Documents\2013 Callsellect
2016-01-12 16:47 - 2013-08-17 07:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 16:42 - 2012-09-27 20:30 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2012-09-27 19:10 - 2015-12-15 13:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-03 15:25
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Administrator (2016-02-11 17:36:53)
Running from C:\Users\Administrator\Desktop
Windows 10 Home (X64) (2015-12-10 07:22:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-714211835-398583104-3702693888-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-714211835-398583104-3702693888-503 - Limited - Disabled)
Guest (S-1-5-21-714211835-398583104-3702693888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-714211835-398583104-3702693888-1004 - Limited - Enabled)
Ron Lopez (S-1-5-21-714211835-398583104-3702693888-1000 - Administrator - Enabled) => C:\Users\Ron Lopez
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version: - Dell, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)
Zap Care Pro (HKLM-x32\...\{F96D3483-1580-480A-A04B-C659D7F180EF}) (Version: 2.9.5 - Arieana LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {082D8856-33F2-4943-AC63-0576E60DD020} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {15111C71-DA52-421C-9A12-6ED72922E224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {18BE8D1D-5327-4F91-B16B-271D354CA5D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1C91856B-30AB-4F1D-B55D-B31CD295D4A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {289164AB-EB0B-41F5-B06D-3684ACC50F20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-10] (Adobe Systems Incorporated)
Task: {38295757-5846-423E-BB17-4B2232DAFBB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3F3876F3-66AC-45AD-9312-F622FFADC767} - System32\Tasks\{35B5F52C-26ED-4E2C-8E60-F7C411993AC9} => pcalua.exe -a "C:\Users\Ron Lopez\Downloads\Programs\windirstat1_1_2_setup.exe" -d "C:\Users\Ron Lopez\Downloads\Programs"
Task: {60509D4F-B370-4131-AB56-09CE3B3C5509} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {69FF4FAA-29B6-4BF5-99CF-5A55A0671F07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {6CDC4299-555F-4F68-8E0B-FD255842455C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-11-29] ()
Task: {9112876E-824C-47AC-930F-CBE603E967C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {A041F8B5-1969-4F30-A4F3-74BC2A6529C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A1BCBA8C-711A-42DD-899E-F33BCE63D3FC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B1EBF3A1-A27B-466C-8B89-5CF636D3119F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CC9CEDFA-E891-45B5-943F-67899450D800} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E33B7302-9B6B-480D-ABD4-892445DA1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-05-09 19:04 - 2009-04-17 11:17 - 00045568 _____ () C:\WINDOWS\System32\DLDFPMON.DLL
2014-05-09 19:04 - 2007-05-04 03:23 - 00049152 _____ () C:\WINDOWS\System32\DLDFOEM.DLL
2014-05-09 19:04 - 2009-04-17 11:15 - 00081408 _____ () C:\Program Files (x86)\Dell AIO Printer 948\ipcmt64.dll
2014-05-09 19:05 - 2007-05-03 00:43 - 00138240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dldfdrpp.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2015-12-18 19:17 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 19:17 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:00 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 08:24 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 08:24 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-05-02 16:56 - 2015-05-03 14:23 - 00001468 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 skip
127.0.0.1 onhax.net
127.0.0.1 www.onhax.net
127.0.0.1 forum.onhax.net
127.0.0.1 https://forum.onhax.net
127.0.0.1 labs.onhax.net
127.0.0.1 do2dear.net
127.0.0.1 p30world.com
127.0.0.1 brarstuff.com
127.0.0.1 rsload.net
127.0.0.1 unicrack.com
127.0.0.1 keyscity.net
127.0.0.1 idm-crack-patch.blogspot.in
127.0.0.1 parth8641.blogspot.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-714211835-398583104-3702693888-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 65.32.1.70 - 65.32.1.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dldfCATSCustConnectService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A2B08CE2-4B5E-4732-8110-39120F9EB519}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{267ECF6F-D4A5-4DA8-9BDF-ECFF29DC473E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{168E9FA8-3A69-4FBA-8021-F21C03279449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D0D2F209-C094-45FA-8208-7BB9E1D97A33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5CF38611-E7DE-4FCA-9EB0-D9B387DD324F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4044ED16-0936-4E16-92E6-980E628964B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{664F206A-0242-4B92-BE4C-E09F5E6B19C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3B0F062D-F234-4BAD-82FE-B7DEFDA923FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{016FF8A2-0AFE-4993-B947-FDB275E05379}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B4D5A6F7-2DB9-4958-B5CB-EC68A7BD1747}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9D4EEF51-589E-4E25-BF75-C2590A8B524B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8FEBEE5D-2FC0-4EA9-90A6-D3FB8EB1275D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C6C3B690-6F32-4B60-A1C9-0F17E49E7A7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B2529BEF-E237-4DE7-BDAA-E5CAF121BC4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6EE0D823-067A-4B63-A3F3-458D60D63105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{96E12954-8804-4C72-B91D-041929778827}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38EBBD24-8A79-43C4-BE48-288F8BBE247E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A574BCF0-6CBD-4B96-AA83-4751A31F0ADA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31FA03FA-7878-44C1-9D9B-24CF61173063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5504428-2C4A-46F6-9B95-5293C24967BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2BDD3AEA-B1EB-4B26-BD27-418D80BD187D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E72577AB-FDAE-4238-84CF-619D9A443A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB7B64F-ECAC-4B63-A286-9D0A6548A232}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01404980-DAEE-40E0-A6CB-706391A9FE46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03FED3EC-8073-4A1B-AC8F-DFF95D7C978D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AB878EC4-C257-4A3F-BFBE-D1DCF8F916D2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{F8182B73-3FA9-4231-8927-5E53B96D28F2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{0D757440-7EE9-42C0-95EC-45BC1FCE68B2}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{019FAEE0-E661-4B5D-A63A-536E355AC42D}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{3A638C66-6224-49D5-87AB-991B938A7FC6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{894C119B-D914-4D9C-A524-A5FEBBFBBB37}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{CF700503-C32C-4D57-97C6-46ED5C1538E8}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{740CA2CA-A367-4BCD-88CD-26138453F415}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{F2D8E542-015B-45F5-B791-61431AFF8D56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{2C836EC4-B94A-4D12-BA3A-3A4D51D1CE51}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{F97C6AAD-921D-4A0C-9F39-03ACA3C0DFCB}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{57C6C3F3-4489-485B-8F85-B86E3F9444F6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{D54FD245-205A-4B12-BEB3-B0127BEEF7E6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [{93CA90CC-C4DD-4318-A5B9-4BF5EB38E42B}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [TCP Query User{6582934D-40C8-48AA-B4DB-34711760F6D2}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [UDP Query User{C93CB074-4AA8-45C0-9789-0839172FAFB3}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [{8A3C10C9-C97A-4E49-9070-983D9567FF45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{648B9738-3263-47E0-B329-004EB8BD7AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4804FBC5-4E22-4E74-9B0F-0156C94092F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2AB3EBBA-ADFA-4C72-B1E7-6918402F59A4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BAD4C6F6-D6F8-46A5-AD5D-E34622DE613E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
22-01-2016 12:00:36 JRT Pre-Junkware Removal
28-01-2016 08:49:02 Windows Update
07-02-2016 12:53:56 Scheduled Checkpoint
11-02-2016 17:24:33 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: HP LaserJet 600 M601
Description: HP LaserJet 600 M601
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/11/2016 05:25:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:24:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (02/11/2016 05:16:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:15:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:15:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:14:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:06:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:02:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:02:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/11/2016 05:02:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (02/11/2016 05:14:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
Error: (02/11/2016 05:14:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275
Error: (02/11/2016 05:13:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3cd4c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/11/2016 05:13:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (02/11/2016 05:01:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
CodeIntegrity:
===================================
Date: 2016-02-11 17:22:35.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:22:35.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:22:35.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:22:34.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:22:34.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:13:34.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:13:34.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:13:34.276
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:13:34.250
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 17:13:34.142
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 27%
Total physical RAM: 6091.86 MB
Available physical RAM: 4407.96 MB
Total Virtual: 12235.86 MB
Available Virtual: 10678.18 MB
==================== Drives ================================
Drive c: (S3A4489D001) (Fixed) (Total:682.23 GB) (Free:530.42 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 57F24026)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=789 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=17)
==================== End of Addition.txt ============================
#44
Posted 11 February 2016 - 05:24 PM
RKinner
-
- Expert
-
- 24,623 posts
Malware Expert
Your log looks clean now. Don't see anything. Does it still show up?
#45
Posted 11 February 2016 - 05:46 PM
lopez66
- Topic Starter
-
- Member
-
- 48 posts
Member
I force shot down because whatever was blocking the screen would not let me do anything, so nothing showed up after i restarted,
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
