UC Chinese Virus

However, after doing what jmarket told me, I’ll re run the scan (this time with sleep off) and follow the other commands listed by @Malnutrition.

jmarket , I ran the program… and it asked me if I wanted to use the “Visualization Technology”, after researching on it, I pressed yes and I got a blue screen of death. Will try again without the visualization thingy.

[HEADING=1]jmarket
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-12-01 00:01:34[/HEADING]
00:01:34.466 OS Version: Windows x64 6.2.9200
00:01:34.467 Number of processors: 4 586 0x3A09
00:01:34.468 ComputerName: HOMEPC UserName:
00:01:48.000 Initialize success
00:01:48.297 VM: initialized successfully
00:01:48.299 VM: Intel CPU supported
00:02:18.378 VM: not used
00:03:12.013 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000029
00:03:12.019 Disk 0 Vendor: WDC_WD10JPVT-24A1YT0 01.01A01 Size: 953869MB BusType: 11
00:03:12.454 Disk 0 MBR read successfully
00:03:12.459 Disk 0 MBR scan
00:03:12.465 Disk 0 unknown MBR code
00:03:12.488 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
00:03:12.844 Disk 0 scanning C:\WINDOWS\system32\drivers
00:04:33.600 Service scanning
00:06:21.844 Modules scanning
00:06:21.844 Disk 0 trace - called modules:
00:06:21.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
00:06:22.391 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xffffdb01ffa48060]
00:06:22.391 3 CLASSPNP.SYS[fffff80162015efb] → nt!IofCallDriver → [0xffffdb01fd3cf7c0]
00:06:22.391 5 ACPI.sys[fffff80161854571] → nt!IofCallDriver → \Device\00000029[0xffffdb01fd3e9400]
00:06:22.406 Disk 0 statistics 27054/0/0 @ 0.27 MB/s
00:06:22.406 Scan finished successfully
00:09:07.821 Disk 0 MBR has been saved successfully to “C:\Users\Ivan Reyes Ortega\Desktop\MBR.dat”
00:09:07.837 The log file has been saved successfully to “C:\Users\Ivan Reyes Ortega\Desktop\aswMBR.txt”

Looks good You can continue with Mal’s instructions

I will continue tomorrow morning since I wont be be back till very late today and in order to complete the scan properly the computer should not sleep.

Found out I had to change my settings to “Turn my monitor off after:” Never. Will leave the scan overnight once again (Hopefully, this time successfully)

[ATTACH]976[/ATTACH]

As for the 9lab scan; it seems like it wont work.
[ATTACH]977[/ATTACH]

Sorry for the delay, can you post a fresh set of FRST logs and please tell me what issues remain.

Also, try and run 9-Lab in safe mode with networking.

Alright! Will try the 9-lab in safe mode with networking. Tomorrow will post results and the FRST logs.

If you can not get 9-Lab to run just skip it, just get me the FRST logs so that I can check for any lingering malware.

The 9 lab scanner detected like 9000+ files! Are all of these really viruses? Could paste the file so I’ve attached it. Additionally, it got stuck and unable to delete 4 of the items. I’m also attaching a picture showing this.
[ATTACH]1007[/ATTACH]

Here are the FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
Ran by Ivan Reyes Ortega (administrator) on HOMEPC (05-12-2016 11:31:54)
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Loaded Profiles: Ivan Reyes Ortega (Available Profiles: Joanne & Ivan Reyes Ortega & Guest)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Everything\Everything.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.Lo calDataServer.Education.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDa taServer.Game.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService .exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Spotify Ltd) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Quanta Computer Inc.) C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.ex e
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_Activ eX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-10-11] ()
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32...\Run: [OSD Utility] => C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe [18276352 2012-05-21] (Quanta Computer Inc.)
HKLM-x32...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [392192 2012-02-17] (Lenovo)
HKLM-x32...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM-x32...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-09-19] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [Akamai NetSession Interface] => “C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe”
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [Spotify Web Helper] => C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e [2018360 2015-08-23] (Spotify Ltd)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [974360 2016-07-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [Discord] => C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Control Panel\Desktop\SCRNSAVE.EXE → C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ AccExtIco1] → {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] → {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] → {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] → {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] → {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] → {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] → {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] → {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-01-07]
ShortcutTarget: GoPro Importer.lnk → C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-02-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk → C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 1110 series.lnk [2016-12-04]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 1110 series.lnk → C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip..\Interfaces{0d7355bc-6532-4c94-b735-8764407bd143}: [DhcpNameServer] 10.0.0.1
[HEADING=1]Internet Explorer:[/HEADING]
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 → C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 → C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1. dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 → C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame → C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-03-12] (Nexon)
FF Plugin-x32: @nitropdf.com/NitroPDF → C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2198469641-46685643-2895634536-1004: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\Ivan Reyes Ortega\AppData\LocalLow\Unity\WebPlayer\loader\npU nity3D32.dll [2014-09-05] (Unity Technologies ApS)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-08-20] (Broadcom Corporation.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [430480 2013-02-22] (Nuance Communications, Inc.)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-10-11] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService .exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.Lo calDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDa taServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-26] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-26] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-08-20] (Broadcom Corporation.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2015-10-21] (hxxp://libusb-win32.sourceforge.net)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{E779B6D3-1BBF-41CD-A3E2-813FD27FD992}\MpKslDrv.sys [44928 2016-12-04] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2016-03-08] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 VMC412; C:\WINDOWS\System32\Drivers\VMC412.sys [241920 2016-03-08] (Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-11-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-11-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-05 11:16 - 2016-12-05 11:16 - 01852259 _____ C:\Users\Ivan Reyes Ortega\Desktop\9lab results.txt
2016-12-05 11:12 - 2016-12-05 11:12 - 01852259 _____ C:\Users\Ivan Reyes Ortega\Desktop\9lab-log-2016-12-05 (00-58-33).txt
2016-12-04 01:50 - 2016-12-04 01:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
2016-12-03 13:36 - 2016-12-03 13:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign24a766ecde44338e
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf09fbed49c3953e4
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1f33b77bdb865bb0
2016-12-02 20:13 - 2016-12-02 20:13 - 00000000 ____D C:\Users\Joanne\AppData\Local\Zemana
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna2fdc6ed1fe23680
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4e306507b2235406
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign25b2817565b6a165
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4113661bfbf9ec4
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1da0b20d8b0c50da
2016-12-02 14:54 - 2016-12-02 14:54 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign416e9ee4319f429f
2016-12-02 14:30 - 2016-12-02 14:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign86f116bd6107cff4
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2ace09325c114503
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign20a9e2558c5efb45
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb1634104eabce732
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign87cdf395b9e99bb2
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5de8bdc3fd576b90
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1ae5dd934df26a18
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigneb6f4281d561f241
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5f38946803be124d
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign076fcfe5d2dca300
2016-12-02 10:43 - 2016-12-03 20:07 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Clients
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\9-lab
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\ProgramData\9-lab
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\Program Files\9-lab
2016-12-02 10:42 - 2016-12-02 10:43 - 06466144 _____ C:\Users\Ivan Reyes Ortega\Downloads\rmtool-setup-x64.exe
2016-12-02 02:32 - 2016-12-02 02:32 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-12-02 02:32 - 2016-12-02 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-12-01 23:58 - 2016-12-01 23:58 - 00003510 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4217be0e706de9d
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna961d9b996b69b6a
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1fbdbf9ade0c62c0
2016-12-01 11:32 - 2016-12-01 11:32 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign6d5981f57fb8d901
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf98a8353c428fca7
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45d51b50f63c5ee9
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf733f83a8b8abf78
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign829839379033796c
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4eb3dfc44eeaf8bb
2016-12-01 03:57 - 2016-12-01 03:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2b7b54a26e1ef520
2016-12-01 03:04 - 2016-12-01 03:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc248ede3762bf2ad
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc24887e1e604e95c
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign682256ca7e561c64
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4da3bfde17a0b234
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3ab1887b15cdc5ff
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign379df4a28d7b0a04
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9eed872c99fc8b77
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a211b0077920826
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1584d9d439aae027
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9529c9df4bbf6a46
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign78c6c1ed6caffe3e
2016-12-01 00:26 - 2016-12-01 00:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign65bc5baca0181620
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc7cd6e62e15b1529
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5da3c183c298ade2
2016-12-01 00:12 - 2016-12-01 00:12 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0c0664295fa8a1e4
2016-12-01 00:09 - 2016-12-01 00:09 - 00001672 _____ C:\Users\Ivan Reyes Ortega\Desktop\aswMBR.txt
2016-12-01 00:09 - 2016-12-01 00:09 - 00000512 _____ C:\Users\Ivan Reyes Ortega\Desktop\MBR.dat
2016-11-30 23:54 - 2016-11-30 23:54 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-30 23:51 - 2016-12-01 00:01 - 05200384 _____ (AVAST Software) C:\Users\Ivan Reyes Ortega\Downloads\aswmbr.exe
2016-11-30 15:09 - 2016-11-30 15:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ivan Reyes Ortega\Downloads\mbar-1.09.3.1001 (1).exe
2016-11-30 13:30 - 2016-11-30 13:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign84b5d366502b6cec
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignbe840b5f627a8589
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2107f73f8e532d86
2016-11-30 10:37 - 2016-11-30 10:37 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd8e40a378942779a
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a739be8cf76bf28
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign14e14c73aa6fb958
2016-11-30 10:29 - 2016-12-02 12:02 - 00000033 _____ C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc59d70c7919ffb7d
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9465d48e85c1dbb5
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0d962e5933c6cf32
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb18e280626faf76f
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0a5ece4d67ce42fa
2016-11-30 10:23 - 2016-11-30 10:23 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0672381c9e7f3729
2016-11-30 01:57 - 2016-12-02 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes’ Anti-Malware (portable)
2016-11-30 01:54 - 2016-11-30 01:55 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ivan Reyes Ortega\Downloads\mbar-1.09.3.1001.exe
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd7901b76d0c6ca59
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1079eea9752a8bea
2016-11-30 00:00 - 2016-11-30 00:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigne0fb814359a08ec8
2016-11-29 16:48 - 2016-11-29 16:48 - 00002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1d0cf9aa9f0006bd
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1496dc2f1f5dc247
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf45da2ae1fcaddc0
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45400c04d65206d8
2016-11-29 15:51 - 2016-11-29 15:51 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2017.lnk
2016-11-29 15:36 - 2016-12-02 14:52 - 00000000 ___RD C:\Users\Ivan Reyes Ortega\Creative Cloud Files
2016-11-29 15:32 - 2016-11-29 15:32 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-11-29 15:32 - 2016-11-29 15:32 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-11-29 15:24 - 2016-11-29 15:24 - 00801984 _____ (Adobe Systems Incorporated) C:\Users\Ivan Reyes Ortega\Downloads\CreativeCloudSet-Up (1).exe
2016-11-29 15:17 - 2016-11-29 15:17 - 00179632 _____ C:\Users\Ivan Reyes Ortega\Desktop\ZHPDiag.txt
2016-11-29 14:50 - 2016-11-29 14:50 - 02511360 _____ C:\Users\Ivan Reyes Ortega\Downloads\ZHPDiag3.exe
2016-11-29 12:07 - 2016-12-02 16:16 - 00000385 _____ C:\Users\Ivan Reyes Ortega\Desktop\Fotosistema.txt
2016-11-29 11:21 - 2016-11-29 12:07 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Everything
2016-11-29 11:21 - 2016-11-29 11:21 - 00000000 ____D C:\Program Files\Everything
2016-11-29 10:20 - 2016-12-05 11:33 - 02805656 _____ C:\WINDOWS\ZAM.krnl.trace
2016-11-29 10:20 - 2016-12-05 11:32 - 00369764 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-11-29 10:20 - 2016-11-29 10:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-11-29 10:20 - 2016-11-29 10:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-11-29 10:20 - 2016-11-29 10:20 - 00001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-29 10:20 - 2016-11-29 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-29 10:20 - 2016-11-29 10:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-29 10:19 - 2016-11-29 10:19 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Zemana
2016-11-29 09:41 - 2016-11-29 10:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Tripod
2016-11-29 09:13 - 2016-11-29 09:13 - 00087497 _____ C:\Users\Ivan Reyes Ortega\Desktop\Anti-Malware log.txt
2016-11-29 00:02 - 2016-12-02 00:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-28 23:52 - 2016-12-02 00:43 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-28 23:52 - 2016-11-28 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-28 23:52 - 2016-11-28 23:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-28 23:52 - 2016-11-28 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-28 23:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-28 23:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-28 13:57 - 2016-11-28 13:57 - 00001752 _____ C:\Users\Ivan Reyes Ortega\Desktop\Adobe Illustrator CS6.lnk
2016-11-28 13:57 - 2016-11-28 13:57 - 00001137 _____ C:\Users\Ivan Reyes Ortega\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2016-11-28 13:55 - 2016-11-28 14:02 - 01065376 _____ (Google Inc.) C:\Users\Ivan Reyes Ortega\Downloads\ChromeSetup.exe
2016-11-28 12:32 - 2016-11-28 12:32 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-11-28 12:07 - 2016-11-28 12:16 - 00000000 ____D C:\AdwCleaner
2016-11-28 11:30 - 2016-11-28 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-28 11:30 - 2016-11-28 11:30 - 00000000 ____D C:\Program Files\CCleaner
2016-11-28 11:05 - 2016-11-28 11:05 - 00000133 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64. bc
2016-11-28 11:04 - 2016-11-28 11:04 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-28 10:45 - 2016-12-02 10:44 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Defenses
2016-11-28 10:11 - 2016-11-28 10:45 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Geek Uninstaller
2016-11-28 08:55 - 2016-12-05 11:31 - 00000000 ____D C:\FRST
2016-11-28 03:13 - 2016-11-28 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-28 03:13 - 2016-11-28 03:13 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-28 02:38 - 2016-11-28 02:38 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Crashpad
2016-11-28 02:29 - 2016-11-28 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-11-28 02:26 - 2016-11-28 12:27 - 00000000 ____D C:\Program Files (x86)\IObit
2016-11-28 02:26 - 2016-11-28 02:26 - 00002345 ___RS C:\Users\Public\Desktop\Ваttle.nеt.lnk
2016-11-28 02:26 - 2016-11-28 02:26 - 00002222 ___RS C:\Users\Ivan Reyes Ortega\Desktop\Nеxon Launcher.lnk
2016-11-28 02:26 - 2016-11-28 02:26 - 00001422 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chrоmе.lnk
2016-11-28 02:12 - 2016-11-28 02:12 - 00003670 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com
2016-11-28 02:04 - 2016-11-28 02:04 - 00000000 ____D C:\ProgramData\ALM
2016-11-28 01:55 - 2016-11-28 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-11-28 01:09 - 2016-11-28 01:18 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\MasterCollection_CS6_LS16
2016-11-27 18:23 - 2016-11-27 19:48 - 2365586577 _____ C:\Users\Ivan Reyes Ortega\Documents\MasterCollection_CS6_LS16.7z
2016-11-27 01:05 - 2016-11-27 01:05 - 00801984 _____ (Adobe Systems Incorporated) C:\Users\Ivan Reyes Ortega\Downloads\CreativeCloudSet-Up.exe
2016-11-27 00:48 - 2016-11-27 00:48 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\StageManager.BD092818F67280 F4B42B04877600987F0111B594.1
2016-11-26 23:09 - 2016-11-26 23:09 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-11-26 23:09 - 2016-11-26 23:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-11-26 23:09 - 2016-11-26 23:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-11-26 10:07 - 2016-11-26 10:13 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-26 09:43 - 2016-11-28 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-11-26 09:43 - 2016-11-28 01:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Battle.net
2016-11-26 09:43 - 2016-11-26 09:43 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Blizzard Entertainment
2016-11-26 09:43 - 2016-11-26 09:43 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-26 09:41 - 2016-11-28 01:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-26 09:39 - 2016-11-26 09:44 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Battle.net
2016-11-26 09:39 - 2016-11-26 09:39 - 00000000 ____D C:\ProgramData\Battle.net
2016-11-26 09:37 - 2016-11-26 09:39 - 03126768 _____ (Blizzard Entertainment) C:\Users\Ivan Reyes Ortega\Downloads\Battle.net-Setup.exe
2016-11-23 11:55 - 2016-11-23 11:55 - 00062278 _____ C:\Users\Ivan Reyes Ortega\Downloads\Einari’s Potraits Mod - FIX FOR 1.1-565-.zip
2016-11-23 11:55 - 2016-11-23 11:55 - 00011180 _____ C:\Users\Ivan Reyes Ortega\Downloads\Maru Hospital-565-.zip
2016-11-21 12:53 - 2016-11-21 12:53 - 00163797 _____ C:\Users\Ivan Reyes Ortega\Downloads\SVPortraits.zip
2016-11-20 01:42 - 2016-11-20 01:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-16 03:06 - 2016-11-16 03:06 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Skype Screenshots
2016-11-13 15:48 - 2016-11-13 15:48 - 00000000 ____D C:\Users\Joanne.QtWebEngineProcess
2016-11-13 15:48 - 2016-11-13 15:48 - 00000000 ____D C:\Users\Joanne.GoPro
2016-11-13 15:46 - 2016-11-13 15:46 - 00000846 _____ C:\Users\Public\Desktop\Quik.lnk
2016-11-13 15:46 - 2016-11-13 15:46 - 00000000 ____D C:\Program Files\GoPro
2016-11-13 15:41 - 2016-11-13 15:45 - 252305280 _____ (GoPro, Inc.) C:\Users\Joanne\Downloads\Quik-WinInstaller-2.0.1.4320.exe
2016-11-11 15:49 - 2016-11-11 15:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Downloads\Introductory Circuit Analysis (11th Edition) by Robert L. Boylestad
2016-11-11 15:47 - 2016-11-11 15:47 - 25064085 _____ C:\Users\Ivan Reyes Ortega\Downloads\Introductory Circuit Analysis (11th Edition) by Robert L. Boylestad.zip
2016-11-08 17:16 - 2016-11-02 08:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 17:16 - 2016-11-02 07:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 17:16 - 2016-11-02 07:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 17:16 - 2016-11-02 07:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-08 17:16 - 2016-11-02 07:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 17:16 - 2016-11-02 07:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 17:16 - 2016-11-02 07:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 17:16 - 2016-11-02 07:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 17:16 - 2016-11-02 07:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 17:16 - 2016-11-02 07:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 17:16 - 2016-11-02 07:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 17:16 - 2016-11-02 07:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 17:16 - 2016-11-02 07:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 17:16 - 2016-11-02 06:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandle r.dll
2016-11-08 17:16 - 2016-11-02 06:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-08 17:16 - 2016-11-02 06:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-08 17:16 - 2016-11-02 06:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-08 17:16 - 2016-11-02 06:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-08 17:16 - 2016-11-02 06:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandle r.dll
2016-11-08 17:16 - 2016-11-02 06:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 17:16 - 2016-11-02 06:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin. dll
2016-11-08 17:16 - 2016-11-02 06:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 17:16 - 2016-11-02 06:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 17:16 - 2016-11-02 06:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 17:16 - 2016-11-02 06:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-08 17:16 - 2016-11-02 06:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-08 17:16 - 2016-11-02 06:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 17:16 - 2016-11-02 06:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 17:16 - 2016-11-02 06:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 17:16 - 2016-11-02 06:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-08 17:16 - 2016-11-02 06:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 17:16 - 2016-11-02 06:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 17:16 - 2016-11-02 06:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-08 17:16 - 2016-11-02 04:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 17:15 - 2016-11-02 08:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 17:15 - 2016-11-02 07:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 17:15 - 2016-11-02 07:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 17:15 - 2016-11-02 07:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 17:15 - 2016-11-02 07:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 17:15 - 2016-11-02 07:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 17:15 - 2016-11-02 07:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 17:15 - 2016-11-02 07:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 17:15 - 2016-11-02 07:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 17:15 - 2016-11-02 07:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 17:15 - 2016-11-02 07:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2016-11-08 17:15 - 2016-11-02 07:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 17:15 - 2016-11-02 06:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 17:15 - 2016-11-02 06:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 17:15 - 2016-11-02 06:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 17:15 - 2016-11-02 06:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 17:15 - 2016-11-02 06:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 17:15 - 2016-11-02 06:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-08 17:15 - 2016-11-02 06:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 17:15 - 2016-11-02 06:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 17:15 - 2016-11-02 06:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 17:15 - 2016-11-02 06:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-08 17:15 - 2016-11-02 06:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 17:15 - 2016-11-02 06:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 17:15 - 2016-11-02 06:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 17:15 - 2016-11-02 06:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 17:15 - 2016-11-02 06:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 17:15 - 2016-11-02 06:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 17:15 - 2016-11-02 06:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 17:15 - 2016-11-02 06:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 17:15 - 2016-11-02 06:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 17:15 - 2016-11-02 06:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 17:15 - 2016-11-02 06:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 17:15 - 2016-11-02 06:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockS creen.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-08 17:15 - 2016-11-02 06:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 17:15 - 2016-11-02 06:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 17:15 - 2016-11-02 06:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 17:15 - 2016-11-02 06:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 17:15 - 2016-11-02 06:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHan dlers.dll
2016-11-08 17:15 - 2016-11-02 06:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 17:15 - 2016-11-02 06:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 17:15 - 2016-11-02 06:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 17:15 - 2016-11-02 06:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authenticatio n.OnlineId.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 17:15 - 2016-11-02 06:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 17:15 - 2016-11-02 06:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 17:15 - 2016-11-02 06:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 17:15 - 2016-11-02 06:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 17:15 - 2016-11-02 06:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 17:15 - 2016-11-02 06:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 17:14 - 2016-11-02 07:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 17:14 - 2016-11-02 07:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 17:14 - 2016-11-02 07:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 17:14 - 2016-11-02 07:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 17:14 - 2016-11-02 07:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 17:14 - 2016-11-02 07:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 17:14 - 2016-11-02 07:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 17:14 - 2016-11-02 07:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 17:14 - 2016-11-02 07:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-08 17:14 - 2016-11-02 07:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-08 17:14 - 2016-11-02 07:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 17:14 - 2016-11-02 07:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 17:14 - 2016-11-02 07:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-08 17:14 - 2016-11-02 07:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-08 17:14 - 2016-11-02 07:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-08 17:14 - 2016-11-02 07:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 17:14 - 2016-11-02 07:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 17:14 - 2016-11-02 07:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 17:14 - 2016-11-02 07:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 17:14 - 2016-11-02 07:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 17:14 - 2016-11-02 07:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 17:14 - 2016-11-02 06:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 17:14 - 2016-11-02 06:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-08 17:14 - 2016-11-02 06:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-08 17:14 - 2016-11-02 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 17:14 - 2016-11-02 06:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 17:14 - 2016-11-02 06:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 17:14 - 2016-11-02 06:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 17:14 - 2016-11-02 06:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-08 17:14 - 2016-11-02 06:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 17:14 - 2016-11-02 06:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 17:14 - 2016-11-02 06:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 17:14 - 2016-11-02 06:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockS creen.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 17:14 - 2016-11-02 06:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 17:14 - 2016-11-02 06:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 17:14 - 2016-11-02 06:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterface Device.dll
2016-11-08 17:14 - 2016-11-02 06:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 17:14 - 2016-11-02 06:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-08 17:14 - 2016-11-02 06:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 17:14 - 2016-11-02 06:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 17:14 - 2016-11-02 06:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 17:14 - 2016-11-02 06:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 17:14 - 2016-11-02 06:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 17:14 - 2016-11-02 06:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 17:14 - 2016-11-02 06:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 17:14 - 2016-11-02 06:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 17:14 - 2016-11-02 06:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 17:14 - 2016-11-02 06:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authenticatio n.OnlineId.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterface Device.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 17:14 - 2016-11-02 06:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 17:14 - 2016-11-02 06:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 17:14 - 2016-11-02 06:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 17:14 - 2016-11-02 06:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-08 17:14 - 2016-11-02 06:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 17:14 - 2016-11-02 06:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 17:14 - 2016-11-02 06:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-08 17:14 - 2016-11-02 06:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-08 17:14 - 2016-11-02 06:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 17:14 - 2016-11-02 06:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 17:14 - 2016-11-02 06:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 17:14 - 2016-11-02 06:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 17:14 - 2016-11-02 06:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 17:14 - 2016-11-02 06:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 17:14 - 2016-11-02 06:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2016-11-08 17:14 - 2016-11-02 06:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 17:14 - 2016-11-02 06:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 17:14 - 2016-11-02 06:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 17:14 - 2016-11-02 06:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 17:14 - 2016-11-02 06:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 17:14 - 2016-11-02 06:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 17:14 - 2016-11-02 05:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-08 17:14 - 2016-11-02 05:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-08 17:14 - 2016-08-02 00:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-05 16:02 - 2016-11-05 16:29 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\discord
2016-11-05 16:02 - 2016-11-05 16:02 - 00002341 _____ C:\Users\Ivan Reyes Ortega\Desktop\Discord.lnk
2016-11-05 16:02 - 2016-11-05 16:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-11-05 16:01 - 2016-11-05 16:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\SquirrelTemp
2016-11-05 16:01 - 2016-11-05 16:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Discord
2016-11-05 15:58 - 2016-11-05 16:01 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Ivan Reyes Ortega\Downloads\DiscordSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-05 10:38 - 2016-10-01 04:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-05 10:00 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-12-05 10:00 - 2013-04-23 14:11 - 00000000 ____D C:\Program Files (x86)\FreeRide Games.$quar
2016-12-05 02:19 - 2016-10-06 22:21 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-05 02:00 - 2016-07-04 10:13 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Adobe
2016-12-04 21:26 - 2013-12-26 00:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-04 19:47 - 2015-08-20 18:18 - 01604362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-04 19:42 - 2014-11-12 12:45 - 00000000 __SHD C:\Users\Ivan Reyes Ortega\IntelGraphicsProfiles
2016-12-04 19:40 - 2016-10-01 05:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-04 11:36 - 2016-10-01 04:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega
2016-12-04 01:48 - 2016-07-16 02:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-04 00:07 - 2014-11-13 14:28 - 00000000 __SHD C:\Users\Joanne\IntelGraphicsProfiles
2016-12-03 09:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-02 19:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-02 14:52 - 2015-12-04 22:16 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-02 08:21 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 02:32 - 2015-10-21 13:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-12-02 02:32 - 2015-01-07 22:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-30 23:54 - 2013-04-23 13:29 - 00299317 ____N C:\WINDOWS\Minidump\113016-28796-01.dmp
2016-11-30 12:56 - 2016-10-01 04:24 - 00000000 ____D C:\Users\Joanne
2016-11-30 10:37 - 2016-07-04 10:13 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Adobe
2016-11-30 10:36 - 2016-10-25 17:06 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-30 01:19 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-11-29 16:48 - 2016-10-22 14:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-29 16:40 - 2014-01-06 15:17 - 00000000 ____D C:\Program Files\Adobe
2016-11-29 15:36 - 2016-07-04 10:13 - 00000000 ____D C:\ProgramData\Adobe
2016-11-29 15:30 - 2014-02-19 19:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-29 14:51 - 2014-01-06 15:56 - 00000195 _____ C:\Users\Ivan
2016-11-29 14:47 - 2016-10-22 15:45 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Documents\Adobe CC 2015 Universal Patcher 1.5
2016-11-29 09:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-11-29 00:44 - 2014-01-07 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nitro PDF
2016-11-28 15:00 - 2015-08-23 20:37 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Spotify
2016-11-28 15:00 - 2015-08-23 20:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify
2016-11-28 11:05 - 2015-08-29 03:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-28 11:01 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-28 10:53 - 2014-01-20 21:14 - 00000000 ____D C:\Program Files (x86)\Hp
2016-11-28 10:39 - 2013-04-23 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-11-28 10:39 - 2013-04-23 13:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-28 10:39 - 2013-04-23 13:46 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-11-28 10:34 - 2016-10-01 04:16 - 05045416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-28 10:32 - 2014-02-14 00:39 - 00000000 ____D C:\ProgramData\HP
2016-11-28 10:31 - 2014-02-14 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-28 10:24 - 2016-10-01 04:40 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-28 10:24 - 2016-10-01 04:40 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-28 03:14 - 2014-06-30 18:07 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\LogMeIn Hamachi
2016-11-28 02:38 - 2015-08-12 22:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\NexonLauncher
2016-11-27 01:14 - 2016-01-29 14:37 - 00000000 ___RD C:\Users\Ivan Reyes Ortega\ivan.reor@gmail.com Creative Cloud Files
2016-11-24 02:06 - 2014-07-24 16:47 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Skype
2016-11-24 00:59 - 2014-07-24 16:47 - 00000000 ____D C:\ProgramData\Skype
2016-11-24 00:58 - 2016-01-05 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-23 14:23 - 2013-12-09 10:37 - 00000000 ____D C:\Users\Joanne\AppData\Local\Packages
2016-11-22 11:19 - 2013-12-25 13:13 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Packages
2016-11-20 01:42 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-19 11:36 - 2016-03-24 17:41 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\StardewValley
2016-11-13 17:03 - 2013-12-23 15:10 - 00000000 ____D C:\Users\Joanne\AppData\Roaming\Nitro PDF
2016-11-13 15:53 - 2015-01-07 22:28 - 00000000 ____D C:\Users\Joanne\AppData\Local\GoPro
2016-11-13 15:50 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-13 15:47 - 2016-10-18 20:10 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-11-13 15:47 - 2016-01-24 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-11-13 15:46 - 2013-04-23 14:06 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-11-13 15:46 - 2013-04-23 14:06 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-11-13 15:46 - 2013-04-23 14:06 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-11-13 15:46 - 2013-04-23 14:06 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-11-13 07:35 - 2013-12-22 21:20 - 00000000 ____D C:\Users\Joanne\AppData\Local\Google
2016-11-13 00:21 - 2013-12-09 10:37 - 00000000 ____D C:\Users\Joanne\AppData\Roaming\Adobe
2016-11-13 00:19 - 2013-04-23 16:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-11 15:50 - 2015-01-24 13:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Documents\Books
2016-11-11 14:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 23:44 - 2013-12-21 17:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 23:38 - 2013-12-21 17:04 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 10:19 - 2016-10-01 05:08 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-11-30 10:29 - 2016-12-02 12:02 - 0000033 _____ () C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat
2016-11-28 11:04 - 2016-11-28 11:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-28 11:05 - 2016-11-28 11:05 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64. bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-02 12:15
[HEADING=1]==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
Ran by Ivan Reyes Ortega (05-12-2016 11:34:30)
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Windows 10 Home Version 1607 (X64) (2016-10-01 09:16:13)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-2198469641-46685643-2895634536-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2198469641-46685643-2895634536-503 - Limited - Disabled)
Guest (S-1-5-21-2198469641-46685643-2895634536-501 - Limited - Disabled) => C:\Users\Guest
Ivan Reyes Ortega (S-1-5-21-2198469641-46685643-2895634536-1004 - Administrator - Enabled) => C:\Users\Ivan Reyes Ortega
Joanne (S-1-5-21-2198469641-46685643-2895634536-1002 - Administrator - Enabled) => C:\Users\Joanne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1500 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1500_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1500Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
9-lab Removal Tool (HKLM-x32...\9-lab Removal Tool) (Version: - )
A360 Desktop (HKLM...{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32...{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8C E.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32...{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM...{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM...{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
aTube Catcher (HKLM-x32...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
aTube Catcher version 3.8 (HKLM-x32...{D43B360E-722D-421B-BC77-20B9E0F8B6CD}is1) (Version: 3.8 - DsNET Corp)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32...{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32...{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32...{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM...{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM-x32...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Featured Apps 2016 (HKLM-x32...{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32...{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32...{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32...{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32...\Steam App 238460) (Version: - The Behemoth)
BlueStacks App Player (HKLM-x32...\BlueStacks) (Version: 2.3.41.6024 - BlueStack Systems, Inc.)
Bonjour (HKLM...{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brawlhalla (HKLM-x32...\Steam App 291550) (Version: - Blue Mammoth Games)
Broforce (HKLM-x32...\Steam App 274190) (Version: - Free Lives)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM-x32...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM...\CCleaner) (Version: 5.24 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32...{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Don’t Starve Together Beta (HKLM-x32...\Steam App 322330) (Version: - Klei Entertainment)
Dragon Assistant Application en-US version 1.5.0 (HKLM-x32...{1CCBE73F-4948-4711-8D12-22E2FD65D706}is1) (Version: 1.5.0 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.4 (HKLM-x32...{E97BA7A6-46FC-4EBF-B24A-B8362948C696}is1) (Version: 1.1.4 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.1 (HKLM-x32...{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}is1) (Version: 1.1.1 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.0 (HKLM-x32...{D57A8269-3BE5-4D10-B882-64D0F2D448BF}is1) (Version: 1.5.0 - Nuance Communications, Inc.)
Driver & Application Installation (HKLM-x32...{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Easy Photo Scan (HKLM-x32...{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
EducationPortal (HKLM-x32...{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Elevated Installer (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 4 (HKLM-x32...{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32...{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32...{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
Everything 1.3.4.686 (x64) (HKLM...\Everything) (Version: - )
Ezvid (HKLM-x32...{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}is1) (Version: 1.002 - Ezvid, inc.)
FARO LS 1.1.502.0 (64bit) (HKLM-x32...{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Find the Differences (HKLM-x32...\InstallShield{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32...\InstallShield{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
FreeRide Games (HKLM-x32...{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Fruits (HKLM-x32...\InstallShield{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32...{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)
Garmin Express (HKLM-x32...{00bf033c-5ade-400f-a174-be74932eebc6}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
GoPro Studio (x32 Version: 5.10.4320 - GoPro, Inc.) Hidden
Grow Home (HKLM-x32...\Steam App 323320) (Version: - Reflections, a Ubisoft Studio)
Guacamelee! Gold Edition (HKLM...\Steam App 214770) (Version: - DrinkBox Studios)
HP DeskJet 1110 series Basic Device Software (HKLM...{87DEBE9C-FD90-4E36-8AD8-608F871B9BD9}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM...{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM...{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32...{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32...{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32...{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
iTunes (HKLM...{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 51 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM...{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation)
Lenovo BrgVolOSD (HKLM-x32...{B0CAB976-C41D-4800-A7BA-CBD4BF4EA920}) (Version: 1.1.05 - Lenovo)
Lenovo Dashboard (HKLM-x32...{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Photos (HKLM-x32...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32...\InstallShield{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32...\InstallShield{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4409.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4409.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32...\InstallShield{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Silver Silk Wireless Keyboard (HKLM-x32...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.03 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (x32 Version: 1.03 - Lenovo) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32...{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoUtility version 1.0 (HKLM-x32...{4F949BD9-1E99-40C7-9102-C67E2D384995}is1) (Version: 1.0 - Lenovo)
LogMeIn Hamachi (HKLM-x32...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32...{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manual Perfection V19_V39 versión 1.0 (HKLM-x32...\UsersGuideManual Perfection V19_V39_is1) (Version: 1.0 - )
MapleStory (HKLM-x32...\MapleStory) (Version: - )
Mark of the Ninja (HKLM...\Steam App 214560) (Version: - Klei Entertainment)
Matching Roles (HKLM-x32...\InstallShield{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
MATLAB R2015a (HKLM...\Matlab R2015a) (Version: 8.5 - MathWorks)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32...{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32...{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32...{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32...{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nexon Game Manager (HKLM-x32...{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Nexon Launcher (HKLM-x32...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
Nikon File Uploader 2 (HKLM-x32...{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center 2 (HKLM-x32...{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nitro Pro 8 (HKLM...{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA PhysX (HKLM-x32...{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32...\OpenAL) (Version: - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32...{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
Portal (HKLM-x32...\Steam App 400) (Version: - Valve)
Puzzle (HKLM-x32...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Quik (HKLM-x32...{0d91b40f-e179-491c-a726-cd71dc297e8a}) (Version: 2.0.0.4320 - GoPro, Inc.)
Quik (Version: 0.1.4320 - GoPro, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32...{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32...{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Relic Hunters Zero (HKLM-x32...\Steam App 382490) (Version: - Rogue Snail)
Risk of Rain (HKLM-x32...\Steam App 248820) (Version: - )
Rocket League (HKLM-x32...\Steam App 252950) (Version: - Psyonix)
Samsung Kies3 (HKLM-x32...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM...{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM...{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM...\Shop for HP Supplies) (Version: 14.0 - HP)
SketchUp Import 2016 (HKLM-x32...{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.30 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Snowflake Suite (HKLM-x32...{E03B9D73-3806-4466-97B1-75C4486F65DF}) (Version: 1.0 - Natural User Interface Technologies AB)
Software Updater (HKLM-x32...{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
StageLight version 1.0.0.3497 (HKLM...\StageLight) (Version: version 1.0.0.3497 - Open Labs, LLC.)
Starbound (HKLM...\Steam App 211820) (Version: - )
Stardew Valley (HKLM...\Steam App 413150) (Version: - ConcernedApe)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32...\Steam) (Version: - Valve Corporation)
SugarSync Manager (HKLM-x32...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
System Requirements Lab Detection (HKLM-x32...{06A5D553-A6B5-481C-958E-53C79C1AC3CB}) (Version: 6.1.6.0 - Husdawg, LLC)
Terraria (HKLM-x32...\Steam App 105600) (Version: - Re-Logic)
timer (HKLM-x32...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Video Viewer (HKLM-x32...\Video Viewer) (Version: 0.1.9.9 - AVTECH Corporation, Inc.)
ViewNX 2 (HKLM-x32...{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.1 - Nikon)
VLC media player (HKLM...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 → C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-BCB9FC4F747E}\InprocServer32 → %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 → C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{5370C727-1451-4700-A960-77630950AF6D}\localserver32 → C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 → C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 → C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A5EB38C-CF67-4132-9854-60015B62260D} - System32\Tasks\Microsoft\Windows\Multimedia\Manage r => C:\Users\Ivan Reyes Ortega\AppData\Roaming\Adobe\Manager.exe
Task: {2112063D-C2C4-4ED2-8D91-EA33E01EA3AC} - {8DD3EE36-D507-432E-A9B1-FA7778A3BE83} → No File <==== ATTENTION
Task: {319B2FFE-9D83-4724-AEEA-BE39FAF40990} - System32\Tasks\Lenovo\Lenovo-31951 => C:\ProgramData\Lenovo-31951.vbs
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C84829D-6B42-418D-A771-458A407DE3B3} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {5063F521-19C3-4E5A-81CB-5C8F68385746} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {65F1D94F-1B83-49CD-A06C-67FBB06EDB1C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {718CA63A-5FCD-4CED-947B-D96C8A446393} - System32\Tasks\Lenovo\Lenovo-31886 => C:\ProgramData\Lenovo-31886.vbs
Task: {8FA5B345-C64D-46AF-A01C-712450EF5DF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {94F39B2E-640A-4BC1-8B69-188EE055C68A} - {7C134AF1-A52C-45FB-A769-590205637799} → No File <==== ATTENTION
Task: {96BB6801-483A-46F9-B8E5-4BE2680F272B} - {DB50062B-1108-4516-B07E-CB933EB55684} → No File <==== ATTENTION
Task: {B306BF30-CC03-476B-8B69-6B5F0A7DC52B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-11-29] ()
Task: {D6C1286E-91A8-4393-AD41-582D3C15E675} - \CCleanerSkipUAC → No File <==== ATTENTION
Task: {DFB4AF5D-A014-4D89-8F4D-3FBAA5976A0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E50365B6-808E-46BC-9625-F32BD3C44B89} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F6FD2841-898E-44AE-981A-D8E14760DC8B} - System32\Tasks\EPSON Perfection V19 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {F8532917-B977-40D5-B99C-A712A571A196} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON Perfection V19 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V19,ES010C.DAT /F:Update www\JoanneĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\win64\MATLABStartupAccelerator.e xe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ivan Reyes Ortega\Desktop\Nеxon Launcher.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen .bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Exрlorеr Вrowsеr.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Gоogl e Сhrоmе.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chrоmе.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ваttle.nеt.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 08:08 - 2016-10-01 08:08 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-29 11:21 - 2014-08-05 21:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2016-10-01 08:08 - 2016-10-01 08:08 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-02 13:50 - 2016-10-02 13:51 - 01864384 _____ () C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\amd64\ClientTelemetry.dll
2016-10-01 08:08 - 2016-10-01 08:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.Share dUtilities.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 23:48 - 2016-10-11 23:48 - 00866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2016-11-17 10:15 - 2016-11-17 10:19 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 10:15 - 2016-11-17 10:19 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-10-11 23:48 - 2016-10-11 23:48 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-11-08 17:14 - 2016-11-02 06:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2016-11-08 17:15 - 2016-11-02 06:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 17:15 - 2016-11-02 06:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Actions.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersUI.dll
2015-05-05 23:31 - 2014-12-04 22:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-05-05 23:31 - 2014-12-04 22:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-04-23 14:15 - 2013-02-22 18:04 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2016-11-29 13:41 - 2016-11-29 13:41 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-10-02 13:50 - 2016-10-02 13:50 - 01383616 _____ () C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\ClientTelemetry.dll
2016-10-02 13:53 - 2016-10-02 13:53 - 00118976 _____ () C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncViews.dll
2016-08-01 16:39 - 2016-03-09 02:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-03-12 13:55 - 2012-03-12 13:55 - 00008192 _____ () C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\CD_DLL.dll
2011-11-03 14:48 - 2011-11-03 14:48 - 00056320 _____ () C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release \binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release \ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2013-04-23 13:47 - 2012-07-26 22:12 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-10-19 23:31 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-21 16:03 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-19 23:31 - 2016-10-12 21:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-21 16:03 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-21 16:03 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2013-12-26 01:02 - 2016-10-12 21:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 15:30 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 23:01 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2015-04-21 16:03 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-12-21 02:04 - 2013-12-21 02:04 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Hamachi2Svc => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\Classes.scr: AutoCADScriptFile =>

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Control Panel\Desktop\Wallpaper → C:\Users\Ivan Reyes Ortega\Desktop\bxifRla.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM...\StartupApproved\StartupFolder: => “GoPro Importer.lnk”
HKLM...\StartupApproved\Run32: => “LogMeIn Hamachi Ui”
HKLM...\StartupApproved\Run32: => “ADSKAppManager”
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\StartupApproved\Run: => “iCloudServices”
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\StartupApproved\Run: => “iCloudDrive”
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\StartupApproved\Run: => “ApplePhotoStreams”
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\StartupApproved\Run: => “Autodesk Sync”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{35EB6970-F44A-4BA5-854A-5D1F0BC262F4}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D64E4B3-39A9-4A78-9299-6A2837D9FEA6}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CD34829A-724D-4DEE-9DD7-48CB328573EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AEE409BB-BE72-46ED-AB25-46A4DE1363FE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7285CD80-EF16-48A6-8F6C-9E0050FC57C0}] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [{165B5F0A-2DDA-4FAC-B848-4558F4DA785B}] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C7E8E5CE-6AE5-40DD-9A4D-5F934516DAB1}C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A6508F02-FA4D-4D74-B1A0-9D8CB6EF1857}C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6AC1F417-D148-4924-B07F-4D4177BD93D5}] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [{188B15F5-DFB0-48DE-9421-FE0EC34BE8F9}] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4E01245D-5F71-458E-B928-BB3DE24A7742}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6E94F35-1A07-419D-8FC8-909847F656BE}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1CE3B11-0E35-46DA-A474-39C49B7836D9}] => C:\Program Files (x86)\Steam\SteamApps\common\Don’t Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{9411089F-4F9A-4D35-B89C-674F9D55B264}] => C:\Program Files (x86)\Steam\SteamApps\common\Don’t Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{8634A362-654A-4DB3-B16E-DA6826F54A8C}] => C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle .exe
FirewallRules: [{7E58C9AE-C565-4A13-B0DA-27E40937D881}] => C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle .exe
FirewallRules: [{58A0A716-737C-4D7E-8D6C-61353098FC80}] => C:\Program Files (x86)\Steam\SteamApps\common\Brawlhalla\Brawlhalla .exe
FirewallRules: [{50EA0755-F971-44B9-924E-5F403F1BB859}] => C:\Program Files (x86)\Steam\SteamApps\common\Brawlhalla\Brawlhalla .exe
FirewallRules: [TCP Query User{F9D49A88-4A33-43D4-A7DC-F3824D9550E5}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [UDP Query User{E3A1ADCF-0F98-4656-B447-5D0AD2821F6C}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [{27FFEAC5-035D-4F63-A492-8F8505AA4C43}] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [{9EB0F39D-B507-4FE0-804E-5DB0249D6B8F}] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe

==================== Restore Points =========================

03-12-2016 09:44:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (12/05/2016 11:15:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6c4

Start Time: 01d24f09e3a9a4c5

Termination Time: 15

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 9cd5cd6d-bafd-11e6-bf4e-e006e6c0e8d9

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/05/2016 11:11:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3190

Start Time: 01d24f09c8a7cddb

Termination Time: 64

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 213a5eff-bafd-11e6-bf4e-e006e6c0e8d9

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/05/2016 11:10:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e78

Start Time: 01d24f09b1e0eda2

Termination Time: 40

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 063de644-bafd-11e6-bf4e-e006e6c0e8d9

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/04/2016 08:21:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: HOMEPC)
Description: Product: Adobe Reader XI (11.0.18) - Update ‘Adobe Reader XI (11.0.18)’ could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/04/2016 08:20:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: HOMEPC)
Description: Product: Adobe Reader XI (11.0.18) – Error 1706.No valid source could be found for product Adobe Reader XI (11.0.18). The Windows Installer cannot continue.

Error: (12/04/2016 08:09:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 08:09:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 08:08:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (12/04/2016 08:08:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 08:08:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
[HEADING=1]System errors:[/HEADING]
Error: (12/04/2016 07:51:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:49:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:49:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (12/04/2016 07:46:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (12/04/2016 07:44:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:44:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2016 07:43:44 PM) (Source: DCOM) (EventID: 10010) (User: HOMEPC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:42:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/04/2016 07:42:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (12/04/2016 07:41:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2016-12-02 02:17:22.126
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:22.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:22.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:19.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:19.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 14:48:15.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 14:48:15.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 10:18:07.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 10:18:07.665
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 10:18:07.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core™ i3-3130M CPU @ 2.60GHz
Percentage of memory in use: 63%
Total physical RAM: 6029.13 MB
Available physical RAM: 2226.98 MB
Total Virtual: 6989.13 MB
Available Virtual: 2358.91 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:375.74 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: 1B3DE834)

Partition: GPT.

==================== End of Addition.txt ============================

Likely not, some are malware some are just Potentially unwanted programs, or PUPs. Looking over the scan log some things are already in quarantine, but the items appear to be useless, and your machine will run better for not having them installed.



Step 1: HijackThis.

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Step 2: Autoruns Log.

Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

Step 3: Poweliks Cleaner.

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.
2. Read the terms of the End-user license agreement and click Agree.
3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

https://ssl-proxy.herokuapp.com/86f1...036652e706e67/

1. If Poweliks was detected “Win32/Poweliks was successfully removed from your system” will be displayed. Press any key to exit the tool and reboot your PC.

The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

Step 4: Inquiry

Please tell me how your machine is running.

FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.