I was downloading a wifi password crack and got a lot of programs and pop-ups all over my computer. Microsoft Windows Essential popped out and some blue screens with it, but I could not see it without bringing my pointer to the task bar. I called the number displayed on the MWE and talked to someone. Somehow the connection was lost, and when he called me back, the phone was a restricted number. He walked me through some steps so that I could get my computer to start in safe mode, but then I needed to leave the place where I was able to connect to the internet. He was able to do some checks and told me he was seeing a code red virus. I called Microsoft, but they wouldn't help without paying. I did uninstall some programs I saw on the computer that were downloaded yesterday, but some did not want to be uninstalled. FixPCOptimizer and Zap Care Pro gave an error saying that the Windows uninstaller could not be found. The Browser Air icon was showing after uninstall, but disappeared after. Geek dady, search module, windo weather and sunnyday were uninstalled, and Sound+ sent me to the internet, but I was not connected, and after I closed the browser it disappeared from the programs list. I still did not know how to proceed to get my laptop cleaned, but luckily I found you guys. I started as requested and found the following.
I ran the Farbar tool as requested in the post and I can see the two text files on my computer screen. Your help would be greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Ron Lopez (administrator) on RONLOPEZ-PC (21-01-2016 12:32:14)
Running from C:\Users\Ron Lopez\Desktop
Loaded Profiles: Ron Lopez (Available Profiles: Ron Lopez)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [Dell AIO Printer 948] => C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sun9] => [X]
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Sound+\idscservice.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Google Update] => C:\Users\Ron Lopez\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [BingSvc] => C:\Users\Ron Lopez\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Run: [Windv] => C:\ProgramData\DataFile\Windv.exe [283648 2016-01-20] ()
HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\RunOnce: [Uninstall C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ron Lopez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FixPCOptimizer.exe.lnk [2016-01-20]
ShortcutTarget: FixPCOptimizer.exe.lnk -> C:\Windows\Installer\{A12BC961-A17E-4400-89E3-7939E082D827}\NewShortcut1_96BFA420FFA5411D9D742048D45EC0E2.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{5b419b50-bd46-404a-9921-a6a648aa8844}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{77af3215-f3c5-41a2-ac84-b2c49f325010}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [NameServer] 82.163.143.165,82.163.142.167
Tcpip\..\Interfaces\{f044f701-6b18-4ca5-ab6b-2e401cf869ff}: [DhcpNameServer] 65.32.1.70 65.32.1.65
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-714211835-398583104-3702693888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ie
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-714211835-398583104-3702693888-1000 -> {C880509E-753B-4A7C-9E2C-3F88E996D58B} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-08] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
FF DefaultSearchEngine: Search Module
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Ron Lopez\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ron Lopez\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-714211835-398583104-3702693888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron Lopez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF SearchPlugin: C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\searchplugins\smod.xml [2016-01-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\extensions\[email protected] [2015-12-01]
FF Extension: Ghostery - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2016-01-01]
FF Extension: Self-Destructing Cookies - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\[email protected] [2015-12-11]
FF Extension: Adblock Plus - C:\Users\Ron Lopez\AppData\Roaming\Mozilla\Firefox\Profiles\n5xjkc7k.default-1448854382898\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5 [2016-01-20] [not signed]
FF HKU\S-1-5-21-714211835-398583104-3702693888-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Ron Lopez\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G1Kzamobl13150,716b2bcf-14e3-45f7-8e48-0c8bfd54f233,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-01-29]
CHR Extension: (YouTube) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Bing) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-01-20]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2013-03-31]
CHR Extension: (Google Search) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Do Not Track) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl [2013-03-31]
CHR Extension: (Search Module Plus v2) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2016-01-20]
CHR Extension: (KIDO'Z TV) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc [2014-01-29]
CHR Extension: (Gmail) - C:\Users\Ron Lopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-714211835-398583104-3702693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S4 dldfCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-12-10] (Windows ® Win 7 DDK provider)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-29] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-16] (Malwarebytes)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-31] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-21 12:32 - 2016-01-21 12:32 - 00022890 _____ C:\Users\Ron Lopez\Desktop\FRST.txt
2016-01-21 12:31 - 2016-01-21 12:32 - 00000000 ____D C:\FRST
2016-01-21 12:30 - 2016-01-21 10:38 - 02370560 _____ (Farbar) C:\Users\Ron Lopez\Desktop\FRST64.exe
2016-01-21 11:17 - 2016-01-21 11:17 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-20 17:29 - 2016-01-20 17:29 - 00000101 _____ C:\Users\Ron Lopez\Desktop\MS.txt
2016-01-20 17:05 - 2016-01-20 17:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-01-20 17:05 - 2016-01-20 17:05 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Citrix
2016-01-20 16:49 - 2016-01-21 12:31 - 00165782 _____ C:\WINDOWS\ntbtlog.txt
2016-01-20 15:48 - 2016-01-20 15:48 - 00000036 _____ C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2016-01-20 15:48 - 2016-01-20 15:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-20 15:48 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-01-20 15:41 - 2016-01-21 10:57 - 00000000 ____D C:\Program Files\COMODO
2016-01-20 15:41 - 2016-01-20 15:42 - 00000000 ____D C:\ProgramData\COMODO
2016-01-20 15:41 - 2016-01-20 15:41 - 00003534 _____ C:\WINDOWS\System32\Tasks\ZapCarePro_Popup
2016-01-20 15:41 - 2016-01-20 15:41 - 00003312 _____ C:\WINDOWS\System32\Tasks\ZapCarePro_Start
2016-01-20 15:40 - 2016-01-20 16:41 - 00000000 ____D C:\Users\Ron Lopez\Documents\ZapCarePro
2016-01-20 15:40 - 2016-01-20 15:40 - 00001055 _____ C:\Users\Public\Desktop\Zap Care Pro.lnk
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Arieana LLC
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Arieana_LLC
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zap Care Pro
2016-01-20 15:40 - 2016-01-20 15:40 - 00000000 ____D C:\Program Files (x86)\Zap Care Pro
2016-01-20 15:39 - 2016-01-20 16:44 - 00000490 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000.job
2016-01-20 15:39 - 2016-01-20 15:49 - 00000000 ____D C:\ProgramData\DataFile
2016-01-20 15:39 - 2016-01-20 15:39 - 00003730 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000
2016-01-20 15:39 - 2016-01-20 15:39 - 00003612 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-714211835-398583104-3702693888-1000
2016-01-20 15:39 - 2016-01-20 15:39 - 00002631 _____ C:\Users\Public\Desktop\FixPCOptimizer.exe.lnk
2016-01-20 15:39 - 2016-01-20 15:39 - 00000524 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-714211835-398583104-3702693888-1000.job
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wix pc optimizer
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files (x86)\WinPCOptimizer
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files (x86)\execnowait
2016-01-20 15:38 - 2016-01-21 10:55 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2016-01-20 15:38 - 2016-01-20 16:36 - 00002622 _____ C:\Users\Ron Lopez\Desktop\BrowserAir.lnk
2016-01-20 15:38 - 2016-01-20 15:38 - 00003970 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2016-01-20 15:38 - 2016-01-20 15:38 - 00003738 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2016-01-20 15:38 - 2016-01-20 15:38 - 00003666 _____ C:\WINDOWS\System32\Tasks\IBUpd
2016-01-20 15:38 - 2016-01-20 15:38 - 00003412 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-01-20 15:38 - 2016-01-20 15:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-01-20 15:37 - 2016-01-21 10:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\BrowserAir
2016-01-20 15:37 - 2016-01-20 16:35 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-01-20 15:37 - 2016-01-20 15:38 - 00002155 _____ C:\Users\Ron Lopez\Desktop\Hotmail.lnk
2016-01-20 15:37 - 2016-01-20 15:37 - 00003522 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-20 15:36 - 2016-01-21 11:52 - 00000000 ____D C:\Program Files\Sound+
2016-01-20 15:36 - 2016-01-20 15:36 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-01-20 15:36 - 2016-01-20 15:36 - 00026420 _____ C:\WINDOWS\System32\Tasks\DNSLAFAYETTE
2016-01-20 15:36 - 2016-01-20 15:36 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-01-20 15:35 - 2016-01-20 16:36 - 00001661 _____ C:\Users\Ron Lopez\Desktop\Continue installation .lnk
2016-01-20 15:33 - 2016-01-20 15:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:32 - 2016-01-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-20 15:31 - 2016-01-20 15:32 - 00000000 ____D C:\Program Files\WinRAR
2016-01-20 05:35 - 2016-01-20 15:30 - 00000000 ___RD C:\Users\Ron Lopez\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
2016-01-20 05:22 - 2016-01-20 05:22 - 01076068 _____ C:\Users\Ron Lopez\Downloads\Wifi Password Hacker v5 Download Full version For pc__13150_i1827824625_il6253.rar
2016-01-16 20:21 - 2016-01-16 20:21 - 00115424 ____T C:\Users\Ron Lopez\Desktop\House rental search expenses visa.pdf
2016-01-13 23:13 - 2016-01-13 23:15 - 00034304 _____ C:\Users\Ron Lopez\Desktop\CEM-S Expense report Template.xls
2016-01-13 21:16 - 2016-01-13 21:16 - 08416278 _____ C:\Users\Ron Lopez\Desktop\R. Lopez lease 1.13.160001.pdf
2016-01-13 09:57 - 2016-01-13 09:58 - 00000000 ____D C:\Users\Ron Lopez\Documents\Safety At Work Videos
2016-01-12 15:00 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 15:00 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 14:59 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 14:59 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 14:59 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 14:59 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 14:59 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 14:59 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 14:59 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 14:59 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 14:59 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 14:59 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 14:59 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 14:59 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 14:59 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 14:59 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 14:59 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 14:59 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 14:59 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 14:59 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 14:59 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 14:59 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 14:59 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 14:59 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 14:59 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 14:59 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 14:59 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 14:59 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 14:59 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 14:59 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 14:59 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 14:59 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 14:59 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 14:59 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 14:59 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 14:59 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 14:59 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 09:17 - 2016-01-12 09:18 - 00000000 ____D C:\Users\Ron Lopez\Documents\CEM Solutions Trainning info
2016-01-11 14:34 - 2016-01-11 14:34 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-11 12:48 - 2016-01-11 12:48 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\WinBatch
2016-01-11 12:25 - 2016-01-11 12:25 - 00280316 _____ C:\WINDOWS\Minidump\011116-38187-01.dmp
2016-01-10 13:57 - 2016-01-10 13:57 - 00653083 _____ C:\Users\Ron Lopez\Downloads\i-130.pdf
2016-01-10 10:37 - 2016-01-10 16:15 - 00000000 ____D C:\Users\Ron Lopez\Downloads\US Travel History 2012 to 2016
2016-01-09 14:35 - 2016-01-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-09 10:16 - 2016-01-09 10:17 - 00000000 ____D C:\Users\Ron Lopez\Documents\Casio Pathfinder
2016-01-09 10:15 - 2016-01-09 10:15 - 00048017 _____ C:\Users\Ron Lopez\Desktop\Honda US EPA & DOT Complience Letter.pdf
2015-12-23 22:20 - 2016-01-11 12:25 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-23 22:20 - 2015-12-23 22:22 - 00280308 _____ C:\WINDOWS\Minidump\122315-21812-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-21 12:31 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-21 12:30 - 2015-12-10 01:52 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-21 12:30 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-21 10:56 - 2013-07-10 22:26 - 00001970 _____ C:\WINDOWS\wininit.ini
2016-01-20 17:00 - 2012-12-02 23:15 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\ElevatedDiagnostics
2016-01-20 16:49 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-20 16:44 - 2015-12-10 02:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-20 16:43 - 2015-07-31 22:58 - 00000000 ___RD C:\Users\Ron Lopez\OneDrive
2016-01-20 16:42 - 2015-11-29 21:05 - 00000450 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-01-20 16:37 - 2012-09-27 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-20 16:36 - 2015-11-29 21:05 - 00002264 _____ C:\Users\Ron Lopez\Desktop\HP Photo Creations.lnk
2016-01-20 16:35 - 2012-09-08 21:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-20 15:58 - 2012-10-26 22:55 - 00000000 ____D C:\ProgramData\TEMP
2016-01-20 15:50 - 2012-09-08 21:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-20 15:47 - 2015-07-31 22:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-20 15:38 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\DMCache
2016-01-20 15:36 - 2013-03-31 23:52 - 00001356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-20 15:33 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-20 15:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-20 15:33 - 2015-07-31 22:54 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Packages
2016-01-20 15:12 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Compressed
2016-01-20 14:46 - 2015-11-29 21:07 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC034D0D-4F01-48CB-BB42-1B359780544B}
2016-01-20 05:24 - 2015-11-29 01:24 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRon Lopez.job
2016-01-20 05:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-19 22:38 - 2012-09-12 12:19 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\vlc
2016-01-18 22:31 - 2012-10-27 16:33 - 00000000 ____D C:\Users\Ron Lopez\Downloads\Video
2016-01-14 21:22 - 2012-09-08 22:12 - 00000000 ____D C:\Users\Ron Lopez\AppData\Roaming\Skype
2016-01-13 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 12:26 - 2015-02-03 21:07 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-714211835-398583104-3702693888-1000Core.job
2016-01-13 10:47 - 2015-11-07 21:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 10:47 - 2014-12-23 20:07 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 10:43 - 2011-04-25 14:54 - 00000000 ____D C:\Users\Ron Lopez\Documents\2011 Mortgage Renewal Forms
2016-01-13 10:41 - 2012-11-19 01:11 - 00000000 ___RD C:\Users\Ron Lopez\Documents\Documents (3)
2016-01-13 10:41 - 2012-11-19 01:08 - 00000000 ___RD C:\Users\Ron Lopez\Documents\My Documents1
2016-01-13 10:19 - 2015-05-24 16:53 - 00000000 ____D C:\Users\Ron Lopez\Documents\Cell Phone info
2016-01-13 09:47 - 2013-11-02 18:29 - 00000000 ____D C:\Users\Ron Lopez\Documents\2013 Callsellect
2016-01-12 16:48 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 16:47 - 2013-08-17 07:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 16:42 - 2012-09-27 20:30 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-11 19:02 - 2015-09-06 16:24 - 00000000 ____D C:\Users\Ron Lopez\Documents\Bills 2015
2016-01-11 14:34 - 2015-12-10 01:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-11 12:49 - 2012-05-08 14:10 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-01-11 12:30 - 2015-12-10 01:53 - 00000000 ____D C:\Users\Ron Lopez
2016-01-11 12:24 - 2015-07-19 21:53 - 648511574 _____ C:\WINDOWS\MEMORY.DMP
2016-01-10 11:54 - 2013-03-31 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-10 09:38 - 2014-08-23 18:38 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Adobe
2016-01-10 09:37 - 2012-09-27 19:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-09 14:35 - 2015-03-08 17:35 - 00000000 ____D C:\Users\Ron Lopez\AppData\Local\Skype
2016-01-09 14:35 - 2015-03-08 17:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-09 14:35 - 2012-05-08 14:40 - 00000000 ____D C:\ProgramData\Skype
2016-01-06 22:02 - 2015-11-24 20:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2016-01-20 15:48 - 2016-01-20 15:48 - 0000036 _____ () C:\Users\Ron Lopez\AppData\Local\housecall.guid.cache
2012-09-27 19:10 - 2015-12-15 13:23 - 0017287 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Ron Lopez\AppData\Local\Temp\brastub_amobl_inst.exe
C:\Users\Ron Lopez\AppData\Local\Temp\FreeYouTubeDownloader.exe
C:\Users\Ron Lopez\AppData\Local\Temp\hib9C5B.exe
C:\Users\Ron Lopez\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ron Lopez\AppData\Local\Temp\UK3YBBS8O4.exe
C:\Users\Ron Lopez\AppData\Local\Temp\Uninstall.exe
C:\Users\Ron Lopez\AppData\Local\Temp\Wifi Password Hacker v5 Download Full version For pc__13150_i1827824625_il6253.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-12 09:01
==================== End of FRST.txt ============================
Edited by lopez66, 21 January 2016 - 12:11 PM.