Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Got a virus infection that crowded my computer screen


  • Please log in to reply

#61
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

RKinner, did the uninstalled the Samsung USB drive for phones and turned off the NetBT.

 

Screen still flickers when I am deleting a file, moving anything to a different folder, when I searching the internet or opening a new tab.

 

I have not idea what could be the cause of that.

 

Thanks again.


  • 0

Advertisements


#62
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
download ShellExView.
 
 
Use the download that says::
Download ShellExView for x64
 
which is really:
 
 
It's a zip so you have to Save it then right click and Extract All then right click on the exe and Run As Admin.
 
Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer.
 
Reboot and see if you still get the flickers.

  • 0

#63
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

RKinner, I am sorry I have not replayed in regards to the last your last step you told me to take. I was able to run the ShellExView as you mentioned in the last post, but it did not fixed the flickering. after running avast a few time, there were some up dates and now I am getting a lot of different web pages popping out once again. I have also run marwarebites, but still I don't seen to get rid of some of the problems.

 

As always I appreciate your help, thanks


  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Let's run AdwCleaner, JRT & FRST (Scan with Addition checked) as we did on http://www.geekstogo...-3#entry2550975 and see what has changed.


  • 0

#65
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

RKinner, I couldn't run the program earlier, but I just ran the Adwcleaner. it showed nothing to clean, with the following report.

 

# AdwCleaner v5.030 - Logfile created 22/01/2016 at 11:39:55
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Ron Lopez - RONLOPEZ-PC
# Running from : C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\SearchProtect
Folder Found : C:\Program Files (x86)\app_setup
Folder Found : C:\Program Files (x86)\DNS Unlocker
Folder Found : C:\Program Files (x86)\ExploreTech
Folder Found : C:\Program Files (x86)\PRiceLess
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Found : C:\Users\Ron Lopez\AppData\Local\NativeMessaging
Folder Found : C:\Users\Ron Lopez\AppData\Local\WhiteListing
Folder Found : C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Folder Found : C:\Users\Ron Lopez\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ron Lopez\AppData\LocalLow\Delta
Folder Found : C:\Users\Ron Lopez\AppData\LocalLow\HPAppData

***** [ Files ] *****

File Found : C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
File Found : C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\searchplugins\smod.xml
File Found : C:\Users\Ron Lopez\Desktop\Continue installation .lnk
File Found : C:\WINDOWS\Reimage.ini

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Key Found : HKCU\Software\5948cd0e63fee12
Key Found : HKLM\SOFTWARE\5948cd0e63fee12
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Key Found : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DriverRestore
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Tinstalls
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\WindoWeather
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Found : [x64] HKLM\SOFTWARE\Reimage
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer] - 82.163.143.165,82.163.142.167
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff} [NameServer] - 82.163.143.165,82.163.142.167

***** [ Web browsers ] *****

[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : norton-internet-security.softonic.com
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www-searching.com
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bmkckgpgekmanipelfidlhmkfcjicion
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa
[C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7397 bytes] ##########
# AdwCleaner v5.033 - Logfile created 11/02/2016 at 17:10:21
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Administrator - RONLOPEZ-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\{b572d29d-a010-7d5a-b572-2d29da014a76}

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}

***** [ Web browsers ] *****

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8357 bytes] ##########
# AdwCleaner v5.112 - Logfile created 22/04/2016 at 16:31:20
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Ron Lopez - RONLOPEZ-PC
# Running from : C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKCU\Software\MICROSOFT\IDSC
Key Found : HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\MICROSOFT\IDSC
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\20E71B53321C641458DBDAF83979D193
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\20E71B53321C641458DBDAF83979D193

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9074 bytes] - [22/01/2016 12:45:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [9493 bytes] - [22/01/2016 12:39:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9566 bytes] ##########
 


  • 0

#66
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

the JRT, got the following report, it looks like it found nothing as well. I wonderwhy is it that all these ads from different web sites are getting through. i have a pop up blocker, adblock plus.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 10 Home x64
Ran by Ron Lopez (Administrator) on 2016-04-22 at 16:51:21.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-04-22 at 16:54:31.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#67
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

the farbar fist file is as follow

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Ron Lopez (administrator) on RONLOPEZ-PC (22-04-2016 17:04:25)
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Google Update] => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BingSvc] => C:\Users\Ron Lopez\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\RunOnce: [Uninstall C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-19] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 65.32.1.70 65.32.1.65

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-19] (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-19] (AVAST Software)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)

FireFox:
========
FF ProfilePath: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898
FF Homepage: hxxp://www.msn.com/en-ca?checklang=1&AR=1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ron Lopez\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\extensions\[email protected] [2015-12-01]
FF Extension: Ghostery - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2016-03-25]
FF Extension: Self-Destructing Cookies - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2016-04-18]
FF Extension: Adblock Plus - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5 [2016-04-22] [not signed]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-19] (AVAST Software)
S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-28] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-19] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 17:04 - 2016-04-22 17:05 - 00018614 _____ C:\Users\Ron Lopez\Desktop\FRST.txt
2016-04-22 17:02 - 2016-04-22 17:04 - 02375680 _____ (Farbar) C:\Users\Ron Lopez\Desktop\FRST64.exe
2016-04-22 16:54 - 2016-04-22 16:54 - 00000551 _____ C:\Users\Ron Lopez\Desktop\JRT.txt
2016-04-22 16:50 - 2016-04-22 16:50 - 01610008 _____ (Malwarebytes) C:\Users\Ron Lopez\Desktop\JRT.exe
2016-04-19 16:43 - 2016-04-19 16:43 - 03683904 _____ C:\Users\Ron Lopez\Desktop\AdwCleaner.exe
2016-04-18 12:11 - 2016-04-18 12:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-18 07:43 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-18 07:43 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 07:43 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-18 07:43 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-18 07:43 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-18 07:43 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-18 07:43 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-18 07:43 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-18 07:43 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-18 07:43 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-18 07:43 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-18 07:43 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-18 07:43 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-18 07:43 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-18 07:43 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-18 07:43 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-18 07:43 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-18 07:43 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-18 07:43 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-18 07:43 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-18 07:43 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-18 07:43 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-18 07:43 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-18 07:43 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-18 07:42 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-18 07:42 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-18 07:42 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-18 07:42 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-18 07:42 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-18 07:42 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-18 07:42 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-18 07:42 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-18 07:42 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-18 07:42 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-18 07:42 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-18 07:42 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-18 07:42 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-18 07:42 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-18 07:42 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-18 07:42 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-18 07:42 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-18 07:42 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-18 07:42 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-18 07:42 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-18 07:42 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-18 07:42 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-18 07:42 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-18 07:42 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-18 07:42 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-18 07:42 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-18 07:42 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-18 07:42 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-18 07:42 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-18 07:42 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-18 07:42 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-18 07:42 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-18 07:42 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-18 07:42 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-18 07:42 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-18 07:42 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-18 07:42 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-18 07:42 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-18 07:42 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-18 07:42 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-18 07:42 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-18 07:42 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-18 07:42 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-18 07:42 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-18 07:42 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-18 07:42 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-18 07:42 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-18 07:42 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-18 07:42 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-18 07:42 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-18 07:42 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-18 07:42 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-18 07:42 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-18 07:42 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-18 07:42 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-18 07:42 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-18 07:42 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-18 07:42 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-18 07:42 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-18 07:42 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-18 07:42 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-18 07:42 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-18 07:42 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-18 07:42 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-18 07:42 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-18 07:42 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-18 07:42 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-18 07:42 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-18 07:42 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-18 07:42 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-18 07:42 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-18 07:42 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-18 07:42 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-18 07:42 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-18 07:42 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-18 07:42 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-18 07:42 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-18 07:42 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-18 07:42 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-18 07:42 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-18 07:42 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-18 07:42 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-18 07:42 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-18 07:42 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-18 07:42 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-18 07:42 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-18 07:42 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-18 07:42 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-18 07:42 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-18 07:42 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-18 07:42 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-18 07:42 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-18 07:42 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-18 07:42 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-18 07:42 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-18 07:42 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-18 07:42 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-18 07:42 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-18 07:42 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-18 07:42 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-18 07:42 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-18 07:42 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-18 07:42 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-18 07:42 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-18 07:42 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-18 07:42 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-18 07:42 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-18 07:42 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-18 07:42 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-18 07:42 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-18 07:42 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-18 07:42 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-18 07:42 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-18 07:41 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-18 07:41 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-18 07:41 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-18 07:41 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-18 07:41 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-18 07:41 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-18 07:41 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-18 07:41 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-18 07:41 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-18 07:41 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-18 07:41 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-18 07:41 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-18 07:41 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-18 07:41 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-18 07:41 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-18 07:41 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-18 07:41 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-18 07:41 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-18 07:41 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-18 07:41 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-18 07:41 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-18 07:41 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-18 07:41 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-18 07:41 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-18 07:41 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-18 07:41 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-18 07:41 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-18 07:41 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-18 07:41 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-18 07:41 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-18 07:41 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-18 07:41 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-18 07:41 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-18 07:41 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-18 07:41 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-18 07:41 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-18 07:41 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-18 07:41 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-18 07:41 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-18 07:41 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-18 07:41 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-18 07:41 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-18 07:41 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-18 07:41 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-18 07:41 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-18 07:41 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-18 07:41 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-18 07:41 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-18 07:41 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-18 07:41 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-18 07:41 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-18 07:41 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-18 07:41 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-18 07:41 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-18 07:41 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-18 07:41 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-18 07:41 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-18 07:41 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-18 07:41 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-18 07:41 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-18 07:41 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-18 07:41 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-18 07:41 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-18 07:41 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-18 07:41 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-18 07:41 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-18 07:41 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-18 07:41 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-18 07:41 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-18 07:41 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-18 07:41 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-18 07:41 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-18 07:41 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-18 07:41 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-18 07:41 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-18 07:41 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-18 07:41 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-18 07:41 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-18 07:41 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-18 07:41 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-18 07:41 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-18 07:41 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-18 07:41 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-18 07:41 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-18 07:41 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-18 07:41 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-18 07:41 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-18 07:41 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-18 07:41 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-18 07:41 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-18 07:41 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-18 07:41 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-18 07:41 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-18 07:41 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-18 07:41 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-18 07:41 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-18 07:41 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-18 07:41 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-18 07:41 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-18 07:41 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-18 07:41 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-18 07:41 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-18 07:41 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-18 07:41 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-18 07:41 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-18 07:41 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-18 07:41 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-18 07:41 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-18 07:41 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-18 07:41 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-18 07:41 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-18 07:41 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-18 07:41 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-18 07:41 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-18 07:41 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-18 07:41 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-18 07:41 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-18 07:41 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-18 07:41 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-18 07:41 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-18 07:41 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-18 07:41 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-18 07:41 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-18 07:41 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-18 07:41 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-18 07:41 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-18 07:41 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-18 07:41 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-18 07:41 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-18 07:41 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-18 07:41 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-18 07:41 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-18 07:41 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-18 07:41 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-18 07:41 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-18 07:41 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-18 07:41 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-18 07:41 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-18 07:41 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-18 07:41 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-18 07:41 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-18 07:41 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-18 07:41 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-18 07:41 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-18 07:41 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-18 07:41 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-18 07:41 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-18 07:41 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-03-31 15:40 - 2016-03-31 15:40 - 00000821 _____ C:\Users\Ron Lopez\Desktop\shexview.cfg
2016-03-31 15:27 - 2016-03-31 15:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Compressed
2016-03-25 17:35 - 2016-03-25 17:35 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-25 17:35 - 2016-03-25 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-25 17:34 - 2016-03-25 17:34 - 00000000 ____D C:\Program Files\iPod
2016-03-25 17:34 - 2016-03-25 17:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-25 17:33 - 2016-03-25 17:35 - 00000000 ____D C:\Program Files\iTunes
2016-03-25 17:31 - 2016-03-25 17:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-25 17:31 - 2016-03-25 17:31 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-25 17:19 - 2016-03-25 17:19 - 00001150 _____ C:\Users\Public\Desktop\VLC media player.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 17:04 - 2016-01-21 13:31 - 00000000 ____D C:\FRST
2016-04-22 16:46 - 2012-10-27 17:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
2016-04-22 16:45 - 2016-01-22 12:39 - 00000000 ____D C:\AdwCleaner
2016-04-22 16:42 - 2015-11-29 22:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-04-22 16:37 - 2012-09-27 20:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-22 16:32 - 2015-02-03 22:07 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job
2016-04-22 16:18 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-22 16:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-21 21:12 - 2015-12-10 02:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-21 21:12 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-21 19:48 - 2015-12-10 03:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 19:48 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-21 00:32 - 2015-02-03 22:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
2016-04-20 14:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-19 16:59 - 2015-12-10 02:53 - 00000000 ____D C:\Users\Ron Lopez
2016-04-19 16:33 - 2015-11-29 22:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
2016-04-19 14:24 - 2014-05-31 00:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 09:42 - 2012-05-08 15:29 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-19 09:41 - 2012-09-08 22:30 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Google
2016-04-19 09:33 - 2015-12-10 02:45 - 00349416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-19 09:33 - 2013-04-01 00:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-18 23:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-18 23:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-18 23:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-18 23:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-18 08:09 - 2015-07-31 23:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
2016-04-18 08:02 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-18 07:59 - 2013-08-17 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-18 07:52 - 2012-09-27 21:30 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 10:27 - 2012-09-12 13:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
2016-04-11 10:18 - 2016-02-19 10:16 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-06 14:32 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 23:48 - 2012-10-27 17:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
2016-04-03 20:44 - 2015-04-25 22:41 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\IDM
2016-03-25 17:33 - 2012-11-09 22:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-25 17:31 - 2012-11-09 22:10 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

==================== Files in the root of some directories =======

2016-01-20 16:48 - 2016-01-20 16:48 - 0000036 _____ () C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2012-09-27 20:10 - 2015-12-15 14:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-21 07:03

==================== End of FRST.txt ============================


  • 0

#68
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

and the addition is the following,

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Ron Lopez (2016-04-22 17:06:00)
Running from C:\Users\Ron Lopez\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-10 07:22:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-714211835-398583104-3702693888-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-714211835-398583104-3702693888-503 - Limited - Disabled)
Guest (S-1-5-21-714211835-398583104-3702693888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-714211835-398583104-3702693888-1004 - Limited - Enabled)
Ron Lopez (S-1-5-21-714211835-398583104-3702693888-1000 - Administrator - Enabled) => C:\Users\Ron Lopez

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO Printer 948 (HKLM\...\Dell AIO Printer 948) (Version:  - Dell, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-714211835-398583104-3702693888-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {060F6E8C-32B7-4FF1-A312-0E81547978AC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-19] (AVAST Software)
Task: {0827C2B7-F90C-41D8-8DBB-08B43711717B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-18] (Microsoft Corporation)
Task: {082D8856-33F2-4943-AC63-0576E60DD020} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1C91856B-30AB-4F1D-B55D-B31CD295D4A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {289164AB-EB0B-41F5-B06D-3684ACC50F20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-18] (Adobe Systems Incorporated)
Task: {38295757-5846-423E-BB17-4B2232DAFBB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3F3876F3-66AC-45AD-9312-F622FFADC767} - System32\Tasks\{35B5F52C-26ED-4E2C-8E60-F7C411993AC9} => pcalua.exe -a "C:\Users\Ron Lopez\Downloads\Programs\windirstat1_1_2_setup.exe" -d "C:\Users\Ron Lopez\Downloads\Programs"
Task: {60509D4F-B370-4131-AB56-09CE3B3C5509} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {6955F9E7-2DFB-47A7-983B-7415C703A65D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6CDC4299-555F-4F68-8E0B-FD255842455C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-11-29] ()
Task: {9112876E-824C-47AC-930F-CBE603E967C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {A1BCBA8C-711A-42DD-899E-F33BCE63D3FC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B1EBF3A1-A27B-466C-8B89-5CF636D3119F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B2AB919D-A33D-494D-A6B4-4CADD00A70A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000UA.job => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Ron Lopez\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-09 20:04 - 2009-04-17 12:17 - 00045568 _____ () C:\WINDOWS\System32\DLDFPMON.DLL
2014-05-09 20:04 - 2007-05-04 04:23 - 00049152 _____ () C:\WINDOWS\System32\DLDFOEM.DLL
2014-05-09 20:04 - 2009-04-17 12:15 - 00081408 _____ () C:\Program Files (x86)\Dell AIO Printer 948\ipcmt64.dll
2014-05-09 20:05 - 2007-05-03 01:43 - 00138240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dldfdrpp.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-18 07:43 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2016-04-18 07:43 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-18 07:42 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-18 07:41 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-18 07:42 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-18 07:42 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-18 20:17 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-18 07:41 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-19 10:15 - 2016-02-19 10:15 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-19 10:15 - 2016-02-19 10:15 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-19 14:20 - 2016-04-19 14:20 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041904\algo.dll
2016-04-18 07:20 - 2016-04-18 07:20 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-22 16:12 - 2016-04-22 16:12 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042201\algo.dll
2016-02-19 10:15 - 2016-02-19 10:15 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13 [145]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-02 17:56 - 2015-05-03 15:23 - 00001468 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   skip
127.0.0.1                   onhax.net
127.0.0.1                   www.onhax.net
127.0.0.1                   forum.onhax.net
127.0.0.1                   https://forum.onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   do2dear.net
127.0.0.1                   p30world.com
127.0.0.1                   brarstuff.com
127.0.0.1                   rsload.net
127.0.0.1                   unicrack.com
127.0.0.1                   keyscity.net
127.0.0.1                   idm-crack-patch.blogspot.in
127.0.0.1                   parth8641.blogspot.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-714211835-398583104-3702693888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 65.32.1.70 - 65.32.1.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dldfCATSCustConnectService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A2B08CE2-4B5E-4732-8110-39120F9EB519}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{267ECF6F-D4A5-4DA8-9BDF-ECFF29DC473E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{168E9FA8-3A69-4FBA-8021-F21C03279449}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D0D2F209-C094-45FA-8208-7BB9E1D97A33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5CF38611-E7DE-4FCA-9EB0-D9B387DD324F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4044ED16-0936-4E16-92E6-980E628964B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{664F206A-0242-4B92-BE4C-E09F5E6B19C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3B0F062D-F234-4BAD-82FE-B7DEFDA923FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{016FF8A2-0AFE-4993-B947-FDB275E05379}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B4D5A6F7-2DB9-4958-B5CB-EC68A7BD1747}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9D4EEF51-589E-4E25-BF75-C2590A8B524B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8FEBEE5D-2FC0-4EA9-90A6-D3FB8EB1275D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C6C3B690-6F32-4B60-A1C9-0F17E49E7A7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B2529BEF-E237-4DE7-BDAA-E5CAF121BC4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6EE0D823-067A-4B63-A3F3-458D60D63105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{96E12954-8804-4C72-B91D-041929778827}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38EBBD24-8A79-43C4-BE48-288F8BBE247E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A574BCF0-6CBD-4B96-AA83-4751A31F0ADA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31FA03FA-7878-44C1-9D9B-24CF61173063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BDD3AEA-B1EB-4B26-BD27-418D80BD187D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E72577AB-FDAE-4238-84CF-619D9A443A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB7B64F-ECAC-4B63-A286-9D0A6548A232}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01404980-DAEE-40E0-A6CB-706391A9FE46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03FED3EC-8073-4A1B-AC8F-DFF95D7C978D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AB878EC4-C257-4A3F-BFBE-D1DCF8F916D2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{F8182B73-3FA9-4231-8927-5E53B96D28F2}] => (Allow) C:\Windows\SysWOW64\dldfcoms.exe
FirewallRules: [{0D757440-7EE9-42C0-95EC-45BC1FCE68B2}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{019FAEE0-E661-4B5D-A63A-536E355AC42D}] => (Allow) C:\Windows\System32\dldfcoms.exe
FirewallRules: [{3A638C66-6224-49D5-87AB-991B938A7FC6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{894C119B-D914-4D9C-A524-A5FEBBFBBB37}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
FirewallRules: [{CF700503-C32C-4D57-97C6-46ED5C1538E8}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{740CA2CA-A367-4BCD-88CD-26138453F415}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe
FirewallRules: [{F2D8E542-015B-45F5-B791-61431AFF8D56}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{2C836EC4-B94A-4D12-BA3A-3A4D51D1CE51}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldftime.exe
FirewallRules: [{F97C6AAD-921D-4A0C-9F39-03ACA3C0DFCB}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{57C6C3F3-4489-485B-8F85-B86E3F9444F6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldfaiox.exe
FirewallRules: [{D54FD245-205A-4B12-BEB3-B0127BEEF7E6}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [{93CA90CC-C4DD-4318-A5B9-4BF5EB38E42B}] => (Allow) C:\Program Files (x86)\Dell AIO Printer 948\dldftime.exe
FirewallRules: [TCP Query User{6582934D-40C8-48AA-B4DB-34711760F6D2}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [UDP Query User{C93CB074-4AA8-45C0-9789-0839172FAFB3}C:\program files (x86)\dell aio printer 948\dldfmon.exe] => (Block) C:\program files (x86)\dell aio printer 948\dldfmon.exe
FirewallRules: [{8A3C10C9-C97A-4E49-9070-983D9567FF45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{648B9738-3263-47E0-B329-004EB8BD7AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4804FBC5-4E22-4E74-9B0F-0156C94092F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2AB3EBBA-ADFA-4C72-B1E7-6918402F59A4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{783326ED-4084-4F02-8759-B48B653EB193}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

31-03-2016 15:56:46 Windows Update
10-04-2016 21:25:46 Scheduled Checkpoint
18-04-2016 07:45:30 Windows Update
18-04-2016 07:47:05 Windows Update
22-04-2016 16:51:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: HP LaserJet 600 M601
Description: HP LaserJet 600 M601
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2016 04:52:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:51:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/22/2016 04:39:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:27:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:21:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:21:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:18:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:18:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:17:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 04:16:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RonLopez-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (04/22/2016 04:12:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.95.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (04/22/2016 04:12:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.95.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (04/22/2016 04:12:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :20" could not be registered on the interface with IP address 192.168.0.95.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (04/22/2016 04:12:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RONLOPEZ-PC    :0" could not be registered on the interface with IP address 192.168.0.95.
The computer with the IP address 192.168.0.136 did not allow the name to be claimed by
this computer.

Error: (04/22/2016 04:12:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F044F701-6B18-4CA5-AB6B-2E401CF869FF} because another computer on the network has the same name.  The server could not start.

Error: (04/22/2016 12:05:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_92198 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2016 12:05:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_92198 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2016 12:05:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_92198 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2016 12:05:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_92198 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 07:48:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058


CodeIntegrity:
===================================
  Date: 2016-04-19 09:36:17.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-18 15:31:56.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-31 09:46:07.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-18 11:00:09.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 22:39:38.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 20:10:49.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-19 08:28:35.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-15 18:22:45.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 20:51:19.690
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 17:10:18.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 31%
Total physical RAM: 6091.86 MB
Available physical RAM: 4154.07 MB
Total Virtual: 12235.86 MB
Available Virtual: 10400.18 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:682.23 GB) (Free:518.59 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 57F24026)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=789 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=17)

==================== End of Addition.txt ============================

 

 

Let mo know if you find anything else i can do to get this lap top working properly, thanks.


Edited by lopez66, 22 April 2016 - 04:15 PM.

  • 0

#69
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Run Firefox in Safe Mode

 

https://support.mozi...using-safe-mode

 

Do you still get the unwanted webpages?


  • 0

#70
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

RKinner, as soon as it started it said that there was a problem with the following script, https://pixel.adsafeprotected.…317/skeleton.js?videoId=14714&:215 

I pressed the debug, bottom and then fire fox kept switching between responding not responding on the menu bar.

After I started fire fox, avast kept stopping a program from fire fox (from fire fox file in my computer) from starting, I do not know how to trouble shoot fire fox properly, though.

 

Thanks


  • 0

Advertisements


#71
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Copy this line:

 

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode google.com

 

Then open a command window

 

http://www.eightforu...indows-8-a.html

 

right click in the command window and Paste (or Edit then Paste) and the copied line should appear.

 

Hit Enter

 

You should get a prompt  to choose between Start in Safe mode and Refresh Firefox.  Choose Start in Safe Mode.

 

Navigate to a web page that acts up.  Does it still have problems?


  • 0

#72
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

1) About  blank (Mozilla bank page), 2|) Pop ups

 

http://www.gamemazin..._campaign=wpt1w

 

I started fire fox again and it flickered, before starting. then I re-started it in safe mode and debugging started by itself and the web page http://www.msn.com/en-ca, keeps showing and not showing the address bar, which normally happen when fire fox is not responding.

 

it looks like it started with different settings that i had, it started in full screen and without showing the menu bar. I fixed that.

 

thank,


  • 0

#73
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Perhaps it is time to choose the Refresh Firefox option when you start it in Safe Mode?


  • 0

#74
lopez66

lopez66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Thanks RKinner, I'll try that, as I when I turned Fire fox is giving me the not responding still. the computer still flickers even when I am not using fire fox, though. Ill be whatching a movie or reading a pdf or opening any other program or file and the computer flickers, PDF reader for example would perform different than normal.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP