Got a virus infection that crowded my computer screen



#31
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Here is what the Speccy program found, RKinner.

 

Attached File  RONLOPEZ-PC.txt   92.64KB   211 downloads


  • 0



#32
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

The second program gave me the following log, though it didn't give it the name you mentioned in your post. I am running Win 10; maybe that is why the name is different, or I didn't run the program as you requested (didn't take the check marks already there). Anyway, the following is what I got.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    89.90    0 K    4 K    0            
procexp64.exe    4.02    25,332 K    59,928 K    5300    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    1.78    29,696 K    42,272 K    1368    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
SynTPEnh.exe    1.26    5,904 K    19,040 K    3036    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
Interrupts    1.04    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    0.48    2,104 K    6,972 K    464    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.48    356,048 K    363,416 K    5208    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System    0.39    816 K    30,316 K    4            
svchost.exe    0.28    16,428 K    27,220 K    1668    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
ipoint.exe    0.15    4,696 K    3,120 K    4592    IPoint.exe    Microsoft Corporation    (Verified) Microsoft Corporation
explorer.exe    0.06    42,820 K    111,092 K    3632    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.04    65,068 K    79,748 K    1456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.03    6,480 K    19,240 K    1200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.02    7,032 K    17,324 K    1880    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.02    2,472 K    9,328 K    3436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    4,456 K    10,908 K    1252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
avgwdsvcx.exe    0.01    14,480 K    32,144 K    2316    AVG Watchdog Service    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
svchost.exe    0.01    6,848 K    17,448 K    1400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
dllhost.exe    0.01    1,712 K    9,608 K    6476    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
NetworkUXBroker.exe    0.01    4,380 K    16,864 K    6560    Network UX Broker    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    15,716 K    26,944 K    1648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
avgidsagent.exe    < 0.01    13,720 K    28,476 K    2364    AVG Identity Protection Service    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
svchost.exe    < 0.01    19,452 K    46,132 K    1384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WmiPrvSE.exe    < 0.01    10,740 K    17,288 K    4828    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
avgui.exe    < 0.01    7,388 K    12,164 K    6668    AVG User Interface    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
avgsvca.exe    < 0.01    6,428 K    20,288 K    2348    AVG Service Process    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
avgrsa.exe    < 0.01    16,560 K    27,628 K    488    AVG Resident Shield Service    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
WmiPrvSE.exe        8,376 K    20,576 K    4020    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,124 K    7,568 K    2956    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        1,644 K    9,100 K    1040    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        924 K    4,712 K    476    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
TPwrMain.exe        2,548 K    8,932 K    4028    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosReelTimeMonitor.exe        22,856 K    26,504 K    6220    Monitor of TOSHIBA ReelTime    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosNcCore.exe        2,132 K    9,056 K    6176    Message Center    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TCrdMain.exe        5,744 K    19,108 K    3236    TOSHIBA Flash Cards Main Module    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhostw.exe        9,368 K    18,820 K    2304    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettingsBroker.exe        3,652 K    17,452 K    6376    System Settings Broker    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        956 K    3,872 K    5044    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPEnhService.exe        912 K    4,136 K    2548    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        5,688 K    19,296 K    2616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,956 K    9,172 K    7804    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,016 K    10,484 K    2556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,892 K    20,016 K    2324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,772 K    9,964 K    2356    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,244 K    25,556 K    7212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,176 K    10,288 K    1492    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,656 K    9,912 K    2416    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,060 K    8,404 K    2596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        8,504 K    18,684 K    1732    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
SMSvcHost.exe        23,076 K    24,036 K    3348    SMSvcHost.exe    Microsoft Corporation    (Verified) Microsoft Corporation
SMSvcHost.exe        20,860 K    15,844 K    4692    SMSvcHost.exe    Microsoft Corporation    (Verified) Microsoft Corporation
smss.exe        356 K    1,176 K    400    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe        4,096 K    19,056 K    3908    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    38,032 K    72,108 K    5552    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        3,056 K    7,404 K    1076    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    45,976 K    92,260 K    5780    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        22,848 K    25,676 K    1120    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,092 K    24,588 K    3308    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,832 K    9,384 K    1800    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
mqsvc.exe        4,220 K    12,324 K    2588    Message Queuing Service    Microsoft Corporation    (Verified) Microsoft Windows
memcard.exe        2,588 K    9,100 K    6260    Memory Card Manager Executable        (Verified) Lexmark International
lsass.exe        5,184 K    13,904 K    1108    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
itype.exe        4,880 K    3,072 K    1804    IType.exe    Microsoft Corporation    (Verified) Microsoft Corporation
igfxtray.exe        1,716 K    8,200 K    5204    igfxTray Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxpers.exe        1,988 K    8,936 K    4364    persistence Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxext.exe        1,412 K    6,708 K    6036    igfxext Module    Intel Corporation    (Verified) Intel Corporation - pGFX
hpwuschd2.exe        1,236 K    5,344 K    6568    hpwuSchd Application    Hewlett-Packard    (Verified) Hewlett-Packard Company
hkcmd.exe        1,740 K    8,188 K    5416    hkcmd Module    Intel Corporation    (Verified) Intel Corporation - pGFX
fontdrvhost.exe        844 K    2,740 K    6852    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
dldfmon.exe        2,600 K    7,808 K    6236    Printer Device Monitor        (Verified) Lexmark International
dasHost.exe        932 K    5,152 K    2528    Device Association Framework Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        1,424 K    676 K    6908    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        1,452 K    4,028 K    368    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
BingSvc.exe        1,264 K    5,328 K    6404    Microsoft Bing Service    © 2015 Microsoft Corporation    (Verified) Microsoft Corporation
avguix.exe        11,004 K    6,696 K    6608    AVG User Interface    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
avgnsa.exe        7,300 K    17,104 K    4064    AVG Online Shield Service    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
avgemca.exe        2,412 K    9,996 K    4084    AVG E-mail Scanner    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
avgcsrva.exe        26,344 K    179,764 K    592    AVG Scanning Core Module - Server Part    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
armsvc.exe        1,148 K    5,692 K    2308    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
ApplicationFrameHost.exe        4,256 K    19,388 K    7404    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

OK. Speccy says it's not overheating and Process Explorer says it's not being overworked. Seems to be Intel's SpeedStep technology. Apparently it slows the processor down when it gets bored. Supposedly this saves power.

 

https://communities....tart=0&tstart=0

 

I think you can turn it off in the BIOS if you mostly operate with it plugged in to the wall outlet or just ignore it.

 

Speccy also says your hard drive is in good shape, and there is nothing connecting to the Internet that shouldn't be.

 

We have three alarms that say the clock is not able to check the time.

 

See if you can change it to use time.nist.gov; it seems more reliable than the default ( 

 

http://www.tenforums...ndows-10-a.html

 

This alarm:

Log: 'System' Date/Time: 28/01/2016 1:12:48 PM
Type: Error Category: 0
Event: 4319 Source: NetBT
A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

 

 

 

 

Do you have a second PC with the same name on your network? You can also get this if your WiFi is on at the same time that you are plugged in to the Ethernet.

 

 

Log: 'Application' Date/Time: 28/01/2016 1:38:00 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

 

I think this applies here even though it says for Win 8:

 

https://support.micr...n-us/kb/3064045

 

Note the typo.  It should say 

 

Select and copy all of the files and folders in this folder, except for the following files:

  • NtUser.dat
  • NtUser.ini
  • NtUser.log (or if it does not exist, instead exclude the two log files called ntuser.dat.log1 and ntuser.dat.log2)

 

Finally

 

Log: 'System' Date/Time: 27/01/2016 9:18:13 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

 

 

I would download a new copy of AVG, uninstall AVG then reboot and install the new copy (right click and Run As Admin)

 

That should clear most of the alarms which are causing it to be slow booting.


  • 0

#34
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Yes, I have another laptop connected to the net and sadly my employer named it the same as my personal laptop. My work comp is running Win 7, though.


  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

You can just turn off NetBT. These instructions are for Win 8 but it should be the same in 10.

 

http://surrealparadigm.com/?p=283

 

That will stop the errors and save a few CPU cycles.


  • 0

#36
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

I was able to change the time as per the instructions, but I cannot change the account and I was not able to find the C:/users/old_filenames in the system nor see any activity after I clicked to see the hidden files and folders.


  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

See Method 2 for making a new account:

 

http://www.pcadvisor...dows-7-3495216/


  • 0

#38
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

I am sorry, RKinner, I have been working away from home and unable to get internet access. The computer has been acting weird: whenever I want to open a picture or a document, it is telling me that I don't have permission to open the app. I was just checking to see if the warning would come out again, but it didn't do it now. Also, when I connect my phone to the computer it would not open right away, and sometimes when it opens, the display with the information will flicker as if it wants to close it and open it again.

Right now, to get back to the display with the internet it took about three tries.

 

I will try the second method above to see if I can access. By the way, I installed Malwarebytes Anti-Malware and ran the free home edition. I will also uninstall the AVG as you requested. Thanks for your help and patience.


Edited by lopez66, 03 February 2016 - 02:14 PM.

  • 0

#39
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Hello RKinner,

 

I hope you have not given up on me. I have been trying to follow the last request you posted, about doing a second account, and I was able to log in with an administrator account, but I could not find how to change it to a different profile. Then I thought about opening a browser to read if there was any other information I had missed, but I could not open Microsoft Edge, and the other choice was Chrome. I opened Chrome and I think there may still be a virus in my computer. A warning came out on the browser and another one across the screen, that would pop back up whenever I closed it.

 

As per attached picture.

 

What should I do now? Please, I need your help cleaning my laptop.

Attached Thumbnails

  • 20160211_1616481.jpg
  • 20160211_1617051.jpg
  • 20160211_1617241.jpg

  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

OK.  Looks like you still have something.  Using your new admin login:

 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0



    #41
    lopez66

    lopez66

      Member

    • Topic Starter
    • Member
    • PipPip
    • 48 posts

    RKinner, here is the log generated by AdwCleaner. Though it did not show any files to check or uncheck, I still clicked the Clean button.

     

    # AdwCleaner v5.030 - Logfile created 22/01/2016 at 11:45:31
    # Updated 17/01/2016 by Xplode
    # Database : 2016-01-19.2 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : Ron Lopez - RONLOPEZ-PC
    # Running from : C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\SearchProtect
    [-] Folder Deleted : C:\Program Files (x86)\app_setup
    [-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
    [-] Folder Deleted : C:\Program Files (x86)\ExploreTech
    [-] Folder Deleted : C:\Program Files (x86)\PRiceLess
    [-] Folder Deleted : C:\ProgramData\Partner
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    [-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\NativeMessaging
    [-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\WhiteListing
    [-] Folder Deleted : C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
    [-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\Conduit
    [-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\Delta
    [-] Folder Deleted : C:\Users\Ron Lopez\AppData\LocalLow\HPAppData

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
    [-] File Deleted : C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\searchplugins\smod.xml
    [-] File Deleted : C:\Users\Ron Lopez\Desktop\Continue installation .lnk
    [-] File Deleted : C:\WINDOWS\Reimage.ini

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
    [-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
    [-] Key Deleted : HKCU\Software\5948cd0e63fee12
    [-] Key Deleted : HKLM\SOFTWARE\5948cd0e63fee12
    [-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\DriverRestore
    [-] Key Deleted : HKCU\Software\DriverTuner
    [-] Key Deleted : HKCU\Software\DriverTuner_Init
    [-] Key Deleted : HKCU\Software\eSupport.com
    [-] Key Deleted : HKCU\Software\Microsoft\Babylon
    [-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\Tutorials
    [-] Key Deleted : HKCU\Software\TutoTag
    [-] Key Deleted : HKCU\Software\WEBAPP
    [-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\CompeteInc
    [-] Key Deleted : HKLM\SOFTWARE\Tutorials
    [-] Key Deleted : HKLM\SOFTWARE\WindoWeather
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : norton-internet-security.softonic.com
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7925 bytes] ##########
    # AdwCleaner v5.033 - Logfile created 11/02/2016 at 17:12:59
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : Administrator - RONLOPEZ-PC
    # Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\{b572d29d-a010-7d5a-b572-2d29da014a76}

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8995 bytes] ##########
     


    • 0
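A triage parser for the AdwCleaner log format pasted in the post above, added here as an example; it is not part of the original thread and is not AdwCleaner's own code. It splits the paste into its separate runs (the second run begins directly after the first EOF line) and flags three kinds of entry worth following up after a cleanup. The function names and flag labels are assumptions of this example, and the sample text is abridged from the post.

```python
import re
from collections import Counter

# Abridged from the two runs pasted in the post above; the page's indentation and
# the missing blank line between the runs are kept on purpose.
SAMPLE = r"""
    # AdwCleaner v5.030 - Logfile created 22/01/2016 at 11:45:31
    # Username : Ron Lopez - RONLOPEZ-PC
    # Option : Cleaning

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
    [-] [C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7925 bytes] ##########
    # AdwCleaner v5.033 - Logfile created 11/02/2016 at 17:12:59
    # Username : Administrator - RONLOPEZ-PC
    # Option : Cleaning

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\{b572d29d-a010-7d5a-b572-2d29da014a76}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8995 bytes] ##########
"""

RUN_START = re.compile(r"^# AdwCleaner v(\S+) - Logfile created (\S+) at (\S+)")
HEADER = re.compile(r"^# ([\w ]+?) : (.*)$")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Browser entries carry "[profile file] [kind]" before the action; others do not.
ENTRY = re.compile(r"^\[-\] (?:\[(?P<src>.+?)\] \[(?P<kind>.+?)\] )?"
                   r"(?P<action>[\w ]+?) : (?P<target>.+)$")
TRAILING_VALUE = re.compile(r" \[([^\]]+)\]$")


def parse_runs(text):
    """Split a pasted log into runs; each run has headers and a list of entries."""
    runs, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RUN_START.match(line)):
            runs.append({"version": m[1], "created": f"{m[2]} {m[3]}",
                         "headers": {}, "entries": []})
            section = None
        elif not runs:
            continue  # anything before the first run header is not log content
        elif (m := SECTION.match(line)):
            section = m[1]
        elif (m := HEADER.match(line)):
            runs[-1]["headers"][m[1]] = m[2]
        elif (m := ENTRY.match(line)):
            target, view, value = m["target"], None, None
            if target.startswith("[x64] "):  # 64-bit registry view marker
                view, target = "x64", target[len("[x64] "):]
            if m["action"] in ("Value Deleted", "Data Restored"):
                if (v := TRAILING_VALUE.search(target)):
                    value, target = v[1], target[:v.start()]
            runs[-1]["entries"].append({
                "section": section, "action": m["action"], "target": target,
                "view": view, "source": m["src"], "kind": m["kind"], "value": value})
    return runs


def flag(entry):
    """Label entries that merit a manual follow-up check (labels are this example's)."""
    if "\\SYSTEMCERTIFICATES\\ROOT\\CERTIFICATES\\" in entry["target"].upper():
        return "root-certificate"   # a trusted-root store entry was removed
    if entry["action"] == "Data Restored" and entry["value"] == "NameServer":
        return "dns-setting"        # an interface's DNS server value was reset
    if entry["kind"] == "Extension":
        return "browser-extension"  # a Chrome extension entry was removed
    return None


def summarize(runs):
    """Per run: who ran it, how many entries per section, and the flagged entries."""
    out = []
    for run in runs:
        flagged = [(f, e["target"]) for e in run["entries"] if (f := flag(e))]
        out.append({"created": run["created"],
                    "user": run["headers"].get("Username"),
                    "counts": dict(Counter(e["section"] for e in run["entries"])),
                    "flags": flagged})
    return out


if __name__ == "__main__":
    for item in summarize(parse_runs(SAMPLE)):
        print(item["created"], item["user"], item["counts"])
        for label, target in item["flags"]:
            print("   ", label, "->", target)
```
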

    #42
    lopez66

    lopez66

      Member

    • Topic Starter
    • Member
    • PipPip
    • 48 posts

    This is the log I got after running the JRT tool, RKinner. I'll run the last FRST tool next, thanks.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Home x64
    Ran by Administrator (Administrator) on Thu 02/11/2016 at 17:24:28.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/11/2016 at 17:29:06.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    • 0

    #43
    lopez66

    lopez66

      Member

    • Topic Starter
    • Member
    • PipPip
    • 48 posts

    RKinner, the FRST tool gave me the two logs. The first one that opened was the FRST and the other one is the Addition, as you mentioned. Both are under, thanks.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by Administrator (administrator) on RONLOPEZ-PC (11-02-2016 17:35:37)
    Running from C:\Users\Administrator\Desktop
    Loaded Profiles: Administrator (Available Profiles: Ron Lopez & Administrator & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
    HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
    HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
    HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
    HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.1.70 65.32.1.65
    Tcpip\..\Interfaces\{5b419b50-bd46-404a-9921-a6a648aa8844}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
    Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 65.32.1.70 65.32.1.65

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sb6gmjy6.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-10] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
    CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-11]
    CHR Extension: (Skype) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-11]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
    S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
    R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-11 17:35 - 2016-02-11 17:36 - 00014148 _____ C:\Users\Administrator\Desktop\FRST.txt
    2016-02-11 17:34 - 2016-02-11 17:34 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2016-02-11 17:29 - 2016-02-11 17:29 - 00000563 _____ C:\Users\Administrator\Desktop\JRT.txt
    2016-02-11 17:22 - 2016-02-11 17:24 - 01609032 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
    2016-02-11 17:16 - 2016-02-11 17:16 - 00001718 _____ C:\Users\Administrator\Desktop\Mozilla Firefox.lnk
    2016-02-11 17:08 - 2016-02-11 17:09 - 01508352 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
    2016-02-11 17:06 - 2016-02-11 17:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
    2016-02-11 17:06 - 2016-02-11 17:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
    2016-02-11 17:03 - 2016-02-11 17:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
    2016-02-11 17:03 - 2016-02-11 17:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2016-02-11 16:32 - 2016-02-11 16:33 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2016-02-11 14:06 - 2016-02-11 14:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\NetworkTiles
    2016-02-11 12:46 - 2016-02-11 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Toshiba
    2016-02-11 12:45 - 2016-02-11 12:45 - 00002436 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-11 12:45 - 2016-02-11 12:45 - 00000000 ___RD C:\Users\Administrator\OneDrive
    2016-02-11 12:44 - 2016-02-11 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\TOSHIBA
    2016-02-11 12:44 - 2016-02-11 12:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
    2016-02-11 12:44 - 2016-02-11 12:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\948 Series
    2016-02-11 12:43 - 2016-02-11 12:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync
    2016-02-11 12:42 - 2016-02-11 12:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
    2016-02-11 12:41 - 2016-02-11 16:12 - 00002339 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
    2016-02-11 12:41 - 2016-02-11 13:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2016-02-11 12:41 - 2016-02-11 12:45 - 00000000 ____D C:\Users\Administrator
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\My Documents
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
    2016-02-11 12:41 - 2016-02-11 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2016-02-11 12:41 - 2015-12-10 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
    2016-02-11 12:41 - 2015-12-10 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HPActiveHealth
    2016-02-11 12:41 - 2015-12-10 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2016-02-08 21:08 - 2016-02-08 21:08 - 00000000 ____D C:\Users\Ron Lopez\Desktop\The Perswonal Insur
    2016-02-01 00:26 - 2016-02-01 01:04 - 00000000 ____D C:\Users\Ron Lopez\Desktop\S IV music
    2016-01-31 23:07 - 2016-02-08 21:22 - 00000000 ____D C:\Users\Ron Lopez\Desktop\CEM Sol Per diems
    2016-01-28 23:48 - 2016-01-28 23:48 - 00115584 ____T C:\Users\Ron Lopez\Desktop\Visa Cell Charges.pdf
    2016-01-28 23:46 - 2016-01-28 23:46 - 00116359 ____T C:\Users\Ron Lopez\Desktop\Cell phone charges.pdf
    2016-01-28 23:45 - 2016-01-28 23:45 - 00008764 _____ C:\Users\Ron Lopez\Downloads\trans1454524270705.qfx
    2016-01-28 22:18 - 2016-02-08 20:09 - 00000000 ____D C:\Users\Ron Lopez\Documents\CCleaner registry backup
    2016-01-28 12:19 - 2016-01-28 12:19 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2016-01-28 12:04 - 2016-01-28 12:04 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-28 12:04 - 2016-01-28 12:04 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-01-28 12:04 - 2016-01-28 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-28 12:04 - 2016-01-28 12:04 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-28 09:22 - 2016-01-28 09:22 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-28 09:22 - 2016-01-28 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-28 09:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-01-28 09:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-01-28 09:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-01-28 09:21 - 2016-01-28 09:21 - 22908888 _____ (Malwarebytes ) C:\Users\Ron Lopez\Downloads\mbam-setup-2.2.0.1024.exe
    2016-01-28 08:24 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 08:24 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 08:24 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 08:24 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 08:24 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 08:24 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 08:24 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-01-28 08:24 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 08:24 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-28 08:24 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-01-28 08:24 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 08:24 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 08:24 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 08:24 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 08:24 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-01-28 08:24 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-01-28 08:24 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-01-28 08:24 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-01-28 08:24 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 08:24 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 08:24 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 08:24 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 08:24 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 08:24 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-01-28 08:24 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-01-28 08:24 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 08:24 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 08:24 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 08:24 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 08:24 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 08:24 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 08:24 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 08:24 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 08:24 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 08:24 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-28 08:24 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 08:24 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 08:24 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 08:24 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 08:24 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 08:24 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-28 08:24 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 08:24 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 08:24 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 08:24 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 08:24 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 08:24 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 08:24 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-01-28 08:24 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 08:24 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 08:24 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 08:24 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-28 08:24 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 08:24 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 08:24 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 08:24 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-01-28 08:24 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 08:24 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 08:24 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 08:24 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 08:24 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 08:24 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 08:24 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 08:24 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 08:24 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 08:24 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 08:24 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 08:24 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-28 08:24 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 08:24 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 08:24 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 08:24 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 08:24 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 08:24 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 08:24 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 08:24 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 08:23 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 08:23 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 08:23 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 08:23 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 08:23 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 08:23 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 08:23 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 08:23 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 08:23 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 08:23 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 08:23 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 08:23 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 08:23 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 08:23 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 08:23 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 08:23 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 08:23 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 08:23 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 08:23 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 08:23 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 08:23 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 08:23 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 08:23 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 08:23 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 08:23 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 08:23 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 08:23 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 08:23 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 08:23 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 08:23 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 08:23 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 08:23 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 08:23 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 08:23 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 08:23 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 08:23 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 08:23 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 08:23 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 08:23 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 08:23 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 08:23 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 08:23 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 08:23 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 08:23 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 08:23 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 08:23 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-01-28 08:23 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-28 08:23 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-01-24 21:50 - 2016-01-24 21:50 - 00070144 _____ C:\Users\Ron Lopez\Desktop\Interview-home scouting expense.xls
    2016-01-24 20:17 - 2016-01-29 01:59 - 00000000 ____D C:\Users\Ron Lopez\Desktop\Virus removal tools & logs
    2016-01-22 16:05 - 2016-01-22 16:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\AVG
    2016-01-22 16:03 - 2016-02-08 21:40 - 00000000 ____D C:\ProgramData\Avg
    2016-01-22 16:02 - 2016-02-08 21:39 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\AvgSetupLog
    2016-01-22 16:01 - 2016-01-22 16:02 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ron Lopez\Downloads\AVG_Protection_Free_698.exe
    2016-01-22 11:39 - 2016-02-11 17:09 - 00000000 ____D C:\AdwCleaner
    2016-01-21 12:31 - 2016-02-11 17:35 - 00000000 ____D C:\FRST
    2016-01-20 17:05 - 2016-01-20 17:30 - 00000000 ____D C:\Program Files (x86)\Citrix
    2016-01-20 17:05 - 2016-01-20 17:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Citrix
    2016-01-20 15:48 - 2016-01-20 15:48 - 00000036 _____ C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
    2016-01-20 15:48 - 2016-01-20 15:48 - 00000000 ___HD C:\OneDriveTemp
    2016-01-20 15:48 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
    2016-01-20 15:41 - 2016-01-21 10:57 - 00000000 ____D C:\Program Files\COMODO
    2016-01-20 15:41 - 2016-01-20 15:42 - 00000000 ____D C:\ProgramData\COMODO
    2016-01-20 15:36 - 2016-01-20 15:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
    2016-01-20 15:33 - 2016-01-20 15:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinRAR
    2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-01-20 15:31 - 2016-01-20 15:32 - 00000000 ____D C:\Program Files\WinRAR
    2016-01-20 05:35 - 2016-01-27 22:35 - 00000000 ___RD C:\Users\Ron Lopez\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
    2016-01-16 20:21 - 2016-01-16 20:21 - 00115424 ____T C:\Users\Ron Lopez\Desktop\House rental search expenses visa.pdf
    2016-01-13 23:13 - 2016-01-13 23:15 - 00034304 _____ C:\Users\Ron Lopez\Desktop\CEM-S Expense report Template.xls
    2016-01-13 21:16 - 2016-01-13 21:16 - 08416278 _____ C:\Users\Ron Lopez\Desktop\R. Lopez lease 1.13.160001.pdf
    2016-01-13 09:57 - 2016-01-13 09:58 - 00000000 ____D C:\Users\Ron Lopez\Documents\Safety At Work Videos
    2016-01-12 14:59 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-12 14:59 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-01-12 14:59 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-01-12 14:59 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-12 14:59 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-12 14:59 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-01-12 14:59 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2016-01-12 14:59 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-12 14:59 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-12 14:59 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-12 14:59 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-12 14:59 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-01-12 14:59 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-01-12 14:59 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-12 14:59 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-12 14:59 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-12 14:59 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2016-01-12 14:59 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-12 14:59 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-01-12 14:59 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-12 14:59 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-12 14:59 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2016-01-12 14:59 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-12 14:59 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-12 14:59 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-12 14:59 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-12 14:59 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-12 14:59 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-12 14:59 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-01-12 14:59 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-01-12 14:59 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-01-12 14:59 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-01-12 14:59 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-01-12 14:59 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-12 14:59 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-01-12 14:59 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-01-12 14:59 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2016-01-12 14:59 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-01-12 14:59 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-01-12 14:59 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-12 14:59 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-01-12 14:59 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-01-12 14:59 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-01-12 14:59 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-12 14:59 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-12 14:59 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
    2016-01-12 14:59 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-01-12 14:59 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-12 14:59 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-12 14:59 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-12 14:59 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-01-12 14:59 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2016-01-12 14:59 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-01-12 14:59 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-12 14:59 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-01-12 14:59 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2016-01-12 14:59 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-12 14:59 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2016-01-12 14:59 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-12 14:59 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
    2016-01-12 14:59 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-01-12 14:59 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-12 14:59 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-01-12 14:59 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-12 14:59 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-12 14:59 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-12 14:59 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-12 14:59 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-01-12 14:59 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-01-12 14:59 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-12 14:59 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-01-12 14:59 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-12 14:59 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-01-12 09:17 - 2016-01-12 09:18 - 00000000 ____D C:\Users\Ron Lopez\Documents\CEM Solutions Trainning info

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-11 17:32 - 2015-02-03 21:07 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job
    2016-02-11 17:15 - 2012-09-08 21:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-11 17:14 - 2015-12-10 02:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-11 17:13 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-11 17:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-11 17:05 - 2015-12-10 01:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-11 17:05 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-11 16:56 - 2012-09-08 21:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-11 16:42 - 2015-11-29 21:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
    2016-02-11 16:37 - 2012-09-27 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-11 16:26 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-11 12:58 - 2013-03-31 23:38 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-11 12:50 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-11 12:42 - 2015-07-31 22:54 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-11 12:10 - 2015-11-29 21:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
    2016-02-10 23:43 - 2012-09-12 12:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
    2016-02-10 23:42 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
    2016-02-09 16:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-08 20:07 - 2012-12-02 23:15 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\ElevatedDiagnostics
    2016-02-08 11:13 - 2015-12-10 01:53 - 00000000 ____D C:\Users\Ron Lopez
    2016-02-06 00:32 - 2015-02-03 21:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
    2016-02-01 01:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-29 22:20 - 2015-12-10 01:45 - 00347432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-29 01:33 - 2015-06-24 21:27 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Avg
    2016-01-29 01:33 - 2015-06-19 22:59 - 00000000 ____D C:\ProgramData\MFAData
    2016-01-29 01:30 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-01-29 00:27 - 2015-02-03 21:07 - 00004074 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA
    2016-01-29 00:27 - 2015-02-03 21:07 - 00003698 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core
    2016-01-28 23:51 - 2012-09-08 21:38 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-01-28 23:51 - 2012-09-08 21:38 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-01-28 23:46 - 2015-05-31 17:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\LocalLow\Temp
    2016-01-28 22:15 - 2015-12-23 22:20 - 00000000 ____D C:\WINDOWS\Minidump
    2016-01-28 22:15 - 2015-12-10 02:44 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-28 22:15 - 2015-04-25 21:41 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\IDM
    2016-01-28 22:15 - 2012-10-22 21:01 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\CrashDumps
    2016-01-28 11:51 - 2015-07-31 22:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-28 11:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-28 09:26 - 2014-05-30 23:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-28 09:22 - 2014-05-30 23:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-28 08:57 - 2012-05-08 14:10 - 00000000 ____D C:\Program Files (x86)\Toshiba
    2016-01-28 08:57 - 2011-04-08 06:05 - 00000000 ____D C:\Program Files\Toshiba
    2016-01-27 22:16 - 2012-10-26 22:55 - 00000000 ____D C:\ProgramData\TEMP
    2016-01-24 23:32 - 2015-07-31 22:58 - 00000000 ___RD C:\Users\Ron Lopez\OneDrive
    2016-01-24 14:38 - 2015-11-29 18:30 - 00000000 ____D C:\Users\Ron Lopez\Downloads\HP Downloads
    2016-01-24 14:24 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-01-22 11:25 - 2015-05-02 16:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2016-01-22 11:25 - 2013-03-31 23:52 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-22 11:13 - 2012-10-27 15:09 - 00000000 ____D C:\Program Files (x86)\A1Click Ultra PC Cleaner
    2016-01-20 16:36 - 2015-11-29 21:05 - 00002264 _____ C:\Users\Ron Lopez\Desktop\HP Photo Creations.lnk
    2016-01-20 15:38 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
    2016-01-14 21:22 - 2012-09-08 22:12 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Skype
    2016-01-13 10:47 - 2015-11-07 21:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-01-13 10:47 - 2014-12-23 20:07 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-01-13 10:43 - 2011-04-25 14:54 - 00000000 ____D C:\Users\Ron Lopez\Documents\2011 Mortgage Renewal Forms
    2016-01-13 10:41 - 2012-11-19 01:11 - 00000000 ___RD C:\Users\Ron Lopez\Documents\Documents (3)
    2016-01-13 10:41 - 2012-11-19 01:08 - 00000000 ___RD C:\Users\Ron Lopez\Documents\My Documents1
    2016-01-13 10:19 - 2015-05-24 16:53 - 00000000 ____D C:\Users\Ron Lopez\Documents\Cell Phone info
    2016-01-13 09:47 - 2013-11-02 18:29 - 00000000 ____D C:\Users\Ron Lopez\Documents\2013 Callsellect
    2016-01-12 16:47 - 2013-08-17 07:38 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-12 16:42 - 2012-09-27 20:30 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2012-09-27 19:10 - 2015-12-15 13:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log

    Some files in TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-03 15:25

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
    Ran by Administrator (2016-02-11 17:36:53)
    Running from C:\Users\Administrator\Desktop
    Windows 10 Home (X64) (2015-12-10 07:22:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-714211835-398583104-3702693888-500 - Administrator - Enabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-714211835-398583104-3702693888-503 - Limited - Disabled)
    Guest (S-1-5-21-714211835-398583104-3702693888-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-714211835-398583104-3702693888-1004 - Limited - Enabled)
    Ron Lopez (S-1-5-21-714211835-398583104-3702693888-1000 - Administrator - Enabled) => C:\Users\Ron Lopez

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version:  - Dell, Inc.)
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
    Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
    Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
    TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
    Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)
    Zap Care Pro (HKLM-x32\...\{F96D3483-1580-480A-A04B-C659D7F180EF}) (Version: 2.9.5 - Arieana LLC)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {082D8856-33F2-4943-AC63-0576E60DD020} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {15111C71-DA52-421C-9A12-6ED72922E224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {18BE8D1D-5327-4F91-B16B-271D354CA5D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {1C91856B-30AB-4F1D-B55D-B31CD295D4A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {289164AB-EB0B-41F5-B06D-3684ACC50F20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-10] (Adobe Systems Incorporated)
    Task: {38295757-5846-423E-BB17-4B2232DAFBB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {3F3876F3-66AC-45AD-9312-F622FFADC767} - System32\Tasks\{35B5F52C-26ED-4E2C-8E60-F7C411993AC9} => pcalua.exe -a "C:\Users\Ron Lopez\Downloads\Programs\windirstat1_1_2_setup.exe" -d "C:\Users\Ron Lopez\Downloads\Programs"
    Task: {60509D4F-B370-4131-AB56-09CE3B3C5509} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {69FF4FAA-29B6-4BF5-99CF-5A55A0671F07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
    Task: {6CDC4299-555F-4F68-8E0B-FD255842455C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-11-29] ()
    Task: {9112876E-824C-47AC-930F-CBE603E967C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {A041F8B5-1969-4F30-A4F3-74BC2A6529C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {A1BCBA8C-711A-42DD-899E-F33BCE63D3FC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {B1EBF3A1-A27B-466C-8B89-5CF636D3119F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {CC9CEDFA-E891-45B5-943F-67899450D800} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {E33B7302-9B6B-480D-ABD4-892445DA1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2014-05-09 19:04 - 2009-04-17 11:17 - 00045568 _____ () C:\WINDOWS\System32\DLDFPMON.DLL
    2014-05-09 19:04 - 2007-05-04 03:23 - 00049152 _____ () C:\WINDOWS\System32\DLDFOEM.DLL
    2014-05-09 19:04 - 2009-04-17 11:15 - 00081408 _____ () C:\Program Files (x86)\Dell AIO Printer 948\ipcmt64.dll
    2014-05-09 19:05 - 2007-05-03 00:43 - 00138240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dldfdrpp.dll
    2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-10 02:35 - 2015-12-10 02:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
    2015-12-18 19:17 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-18 19:17 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-12 14:59 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 15:00 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-28 08:24 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-28 08:24 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-05-02 16:56 - 2015-05-03 14:23 - 00001468 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1       localhost
    127.0.0.1                   skip
    127.0.0.1                   onhax.net
    127.0.0.1                   www.onhax.net
    127.0.0.1                   forum.onhax.net
    127.0.0.1                   https://forum.onhax.net
    127.0.0.1                   labs.onhax.net
    127.0.0.1                   do2dear.net
    127.0.0.1                   p30world.com
    127.0.0.1                   brarstuff.com
    127.0.0.1                   rsload.net
    127.0.0.1                   unicrack.com
    127.0.0.1                   keyscity.net
    127.0.0.1                   idm-crack-patch.blogspot.in
    127.0.0.1                   parth8641.blogspot.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-714211835-398583104-3702693888-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 65.32.1.70 - 65.32.1.65
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dldfCATSCustConnectService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NBService => 3
    MSCONFIG\Services: NMIndexingService => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: ss_conn_service => 2
    MSCONFIG\Services: SynTPEnhService => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TosCoSrv => 2
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
    MSCONFIG\Services: TPCHSrv => 3
    MSCONFIG\Services: UNS => 2
    HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{A2B08CE2-4B5E-4732-8110-39120F9EB519}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{267ECF6F-D4A5-4DA8-9BDF-ECFF29DC473E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{168E9FA8-3A69-4FBA-8021-F21C03279449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{D0D2F209-C094-45FA-8208-7BB9E1D97A33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{5CF38611-E7DE-4FCA-9EB0-D9B387DD324F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{4044ED16-0936-4E16-92E6-980E628964B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{664F206A-0242-4B92-BE4C-E09F5E6B19C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{3B0F062D-F234-4BAD-82FE-B7DEFDA923FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{016FF8A2-0AFE-4993-B947-FDB275E05379}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{B4D5A6F7-2DB9-4958-B5CB-EC68A7BD1747}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{9D4EEF51-589E-4E25-BF75-C2590A8B524B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{8FEBEE5D-2FC0-4EA9-90A6-D3FB8EB1275D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{C6C3B690-6F32-4B60-A1C9-0F17E49E7A7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{B2529BEF-E237-4DE7-BDAA-E5CAF121BC4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{6EE0D823-067A-4B63-A3F3-458D60D63105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{96E12954-8804-4C72-B91D-041929778827}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{38EBBD24-8A79-43C4-BE48-288F8BBE247E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{A574BCF0-6CBD-4B96-AA83-4751A31F0ADA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{31FA03FA-7878-44C1-9D9B-24CF61173063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D5504428-2C4A-46F6-9B95-5293C24967BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{2BDD3AEA-B1EB-4B26-BD27-418D80BD187D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E72577AB-FDAE-4238-84CF-619D9A443A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4DB7B64F-ECAC-4B63-A286-9D0A6548A232}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{01404980-DAEE-40E0-A6CB-706391A9FE46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{03FED3EC-8073-4A1B-AC8F-DFF95D7C978D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{AB878EC4-C257-4A3F-BFBE-D1DCF8F916D2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
    FirewallRules: [{F8182B73-3FA9-4231-8927-5E53B96D28F2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
    FirewallRules: [{0D757440-7EE9-42C0-95EC-45BC1FCE68B2}] => (Allow) C:\Windows\System32\dldfcoms.exe
    FirewallRules: [{019FAEE0-E661-4B5D-A63A-536E355AC42D}] => (Allow) C:\Windows\System32\dldfcoms.exe
    FirewallRules: [{3A638C66-6224-49D5-87AB-991B938A7FC6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
    FirewallRules: [{894C119B-D914-4D9C-A524-A5FEBBFBBB37}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
    FirewallRules: [{CF700503-C32C-4D57-97C6-46ED5C1538E8}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
    FirewallRules: [{740CA2CA-A367-4BCD-88CD-26138453F415}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
    FirewallRules: [{F2D8E542-015B-45F5-B791-61431AFF8D56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
    FirewallRules: [{2C836EC4-B94A-4D12-BA3A-3A4D51D1CE51}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
    FirewallRules: [{F97C6AAD-921D-4A0C-9F39-03ACA3C0DFCB}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
    FirewallRules: [{57C6C3F3-4489-485B-8F85-B86E3F9444F6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
    FirewallRules: [{D54FD245-205A-4B12-BEB3-B0127BEEF7E6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
    FirewallRules: [{93CA90CC-C4DD-4318-A5B9-4BF5EB38E42B}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
    FirewallRules: [TCP Query User{6582934D-40C8-48AA-B4DB-34711760F6D2}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
    FirewallRules: [UDP Query User{C93CB074-4AA8-45C0-9789-0839172FAFB3}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
    FirewallRules: [{8A3C10C9-C97A-4E49-9070-983D9567FF45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{648B9738-3263-47E0-B329-004EB8BD7AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{4804FBC5-4E22-4E74-9B0F-0156C94092F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{2AB3EBBA-ADFA-4C72-B1E7-6918402F59A4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{BAD4C6F6-D6F8-46A5-AD5D-E34622DE613E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    22-01-2016 12:00:36 JRT Pre-Junkware Removal
    28-01-2016 08:49:02 Windows Update
    07-02-2016 12:53:56 Scheduled Checkpoint
    11-02-2016 17:24:33 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: HP LaserJet 600 M601
    Description: HP LaserJet 600 M601
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP LaserJet P2035n
    Description: HP LaserJet P2035n
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/11/2016 05:25:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:24:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/11/2016 05:16:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:15:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:15:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:14:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:06:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:02:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:02:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/11/2016 05:02:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (02/11/2016 05:14:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058

    Error: (02/11/2016 05:14:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The luafv service failed to start due to the following error:
    %%1275

    Error: (02/11/2016 05:13:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_3cd4c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/11/2016 05:13:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (02/11/2016 05:12:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (02/11/2016 05:01:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058


    CodeIntegrity:
    ===================================
      Date: 2016-02-11 17:22:35.500
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:22:35.487
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:22:35.466
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:22:34.826
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:22:34.648
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:13:34.303
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:13:34.291
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:13:34.276
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:13:34.250
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-02-11 17:13:34.142
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 27%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 4407.96 MB
    Total Virtual: 12235.86 MB
    Available Virtual: 10678.18 MB

    ==================== Drives ================================

    Drive c: (S3A4489D001) (Fixed) (Total:682.23 GB) (Free:530.42 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 57F24026)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=682.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=789 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=13.4 GB) - (Type=17)

    ==================== End of Addition.txt ============================


    • 0

    #44
    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    Your log looks clean now.  Don't see anything.  Does it still show up?


    • 0

    #45
    lopez66

      Member

    • Topic Starter
    • Member
    • PipPip
    • 48 posts

    I force shut down because whatever was blocking the screen would not let me do anything, so nothing showed up after I restarted.


    • 0





