UC Chinese Virus

**Iaro96** · 12-06-2016, 12:33 PM

[HEADING=1]Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:06 AM, on 12/6/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Bluestacks\HD-Agent.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Users\Ivan Reyes Ortega\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search - Microsoft Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM..\Run: [OSD Utility] C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
O4 - HKLM..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
O4 - HKLM..\Run: [YouCam Mirage] “C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe”
O4 - HKLM..\Run: [YouCam Tray] “C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe” /s
O4 - HKLM..\Run: [CLMLServer] “C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe”
O4 - HKLM..\Run: [UpdateP2GoShortCut] “C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe ” “C:\Program Files (x86)\Lenovo\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
O4 - HKLM..\Run: [Intel AppUp(SM) center] “C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe” --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM..\Run: [RemoteControl10] “C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe”
O4 - HKLM..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM..\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM..\Run: [ADSKAppManager] “C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe” -showminimized -checkautorun
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [EEventManager] “C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe”
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM..\Run: [AdobeCS6ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e” -launchedbylogin
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
O4 - HKLM..\Run: [Adobe Creative Cloud] “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” --showwindow=false --onOSstartup=true
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU..\Run: [Akamai NetSession Interface] “C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe”
O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU..\Run: [OneDrive] “C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe” /background
O4 - HKCU..\Run: [Spotify Web Helper] “C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e”
O4 - HKCU..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU..\Run: [Discord] C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
O4 - HKUS\S-1-5-18..\Run: [GarminExpressTrayApp] “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [GarminExpressTrayApp] “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘Default user’)
O4 - Startup: Monitor Ink Alerts - HP DeskJet 1110 series.lnk = ?
O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra ‘Tools’ menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: @oem30.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.Sta ndardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.Standa rdCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: Everything - Unknown owner - C:\Program Files\Everything\Everything.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) - Unknown owner - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService .exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[/HEADING]
End of file - 18069 bytes

**Iaro96** · 12-06-2016, 12:35 PM

I will go on with your instructions. Btw do I press fix on the HijackThis Menu after the scan? And what did you find in the FRST? Sorry if I’m being pushy, I’m just a but curious about my situation.

**Iaro96** · 12-06-2016, 12:41 PM

Here is the Autoruns

“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n” “” “” “” “11/29/2016 10:20 AM” “”

“AdobeAAMUpdater-1.0” “Adobe Updater Startup Utility” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.e xe” “6/29/2016 3:29 AM” “”
“GoPro Tray App” “GoProDesktopSystemTray” “” “c:\program files\gopro\gopro desktop app\goprodesktopsystemtray.exe” “10/11/2016 7:35 PM” “”
“IAStorIcon” “Delayed launcher” “Intel Corporation” “c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe” “1/31/2013 7:23 PM” “”
“iTunesHelper” “iTunesHelper” “Apple Inc.” “c:\program files\itunes\ituneshelper.exe” “7/26/2016 3:26 PM” “”
“RtHDVBg_Dolby” “HD Audio Background Process” “Realtek Semiconductor” “c:\program files\realtek\audio\hda\ravbg64.exe” “7/10/2012 4:57 AM” “”
“RtHDVCpl” “Realtek HD Audio Manager” “Realtek Semiconductor” “c:\program files\realtek\audio\hda\ravcpl64.exe” “7/26/2012 11:03 PM” “”
“WindowsDefender” “Windows Defender notification icon” “Microsoft Corporation” “c:\program files\windows defender\msascuil.exe” “9/7/2016 12:50 AM” “”
“ZAM” “ZAM” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zam.exe” “11/22/2016 8:24 AM” “”
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curre ntVersion\Run” “” “” “” “11/29/2016 3:35 PM” “”
“Adobe Creative Cloud” “Adobe Creative Cloud” “Adobe Systems Incorporated” “c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe” “10/25/2016 1:24 PM” “”
“AdobeCS6ServiceManager” “Adobe CS6 Service Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.ex e” “3/9/2012 11:25 AM” “”
“ADSKAppManager” “Autodesk Application Manager” “Autodesk Inc.” “c:\program files (x86)\common files\autodesk shared\appmanager\r1\adappmgr.exe” “12/4/2014 10:11 PM” “”
“APSDaemon” “Apple Push” “Apple Inc.” “c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe” “7/5/2016 4:24 PM” “”
“CLMLServer” “CyberLink MediaLibray Service” “CyberLink” “c:\program files (x86)\lenovo\power2go\clmlsvc.exe” “6/3/2009 8:46 AM” “”
“EEventManager” “EEventManager Application” “SEIKO EPSON CORPORATION” “c:\program files (x86)\epson software\event manager\eeventmanager.exe” “2/12/2015 12:13 AM” “”
“Intel AppUp(SM) center” “Intel Services Manager” “Intel Corporation” “c:\program files (x86)\intel\intelappstore\bin\ismagent.exe” “5/24/2012 8:46 AM” “”
“Lenovo Silver Silk Wireless Keyboard” “Lenovo Silver Silk Keyboard Software” “Lenovo” “c:\program files (x86)\lenovo\lenovo silver silk wireless keyboard\skd8861.exe” “2/17/2012 2:42 AM” “”
“LogMeIn Hamachi Ui” “Hamachi Client Application” “LogMeIn Inc.” “c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe” “11/11/2016 8:45 AM” “”
“LVT” “Lenovo” “Lenovo” “c:\program files\lenovo\lvt\ljyz.exe” “11/23/2011 10:44 PM” “”
“Nikon Message Center 2” “Nikon Message Center 2” “Nikon Corporation” “c:\program files (x86)\nikon\nikon message center 2\nkmc2.exe” “5/25/2010 6:16 AM” “”
“OSD Utility” “Lenovo Brightness & Volume OSD Service” “Quanta Computer Inc.” “c:\program files (x86)\lenovo\lenovo brgvolosd\brgvolosd.exe” “5/21/2012 3:55 PM” “”
“RemoteControl10” “PowerDVD RC Service” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\pdvd10serv.exe” “3/28/2012 6:22 AM” “”
“SunJavaUpdateSched” “Java Update Scheduler” “Oracle Corporation” “c:\program files (x86)\common files\java\java update\jusched.exe” “6/8/2015 10:08 PM” “”
“SwitchBoard” “SwitchBoard Server (32 bit)” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\switchboard\switchboard.exe” “2/19/2010 4:50 PM” “”
“UpdateP2GoShortCut” “MUI StartMenu Application” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\muitransfer\muistartmenu.exe ” “12/6/2011 5:40 AM” “”
“YouCam Mirage” “YouCam Mirage” “CyberLink” “c:\program files (x86)\lenovo\youcam\ycmmirage.exe” “6/29/2010 12:05 AM” “”
“YouCam Tray” “CyberLink YouCam Tray” “CyberLink Corp.” “c:\program files (x86)\lenovo\youcam\youcamtray.exe” “5/16/2012 2:21 AM” “”
“HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n” “” “” “” “12/5/2016 2:56 PM” “”
“Akamai NetSession Interface” “” “” “c:\users\ivan” “11/29/2016 2:51 PM” “”
“AppleIEDAV” “Apple IE DAV” “Apple Inc.” “c:\program files (x86)\common files\apple\internet services\appleiedav.exe” “8/4/2014 10:19 PM” “”
“ApplePhotoStreams” “iCloud Photos” “Apple Inc.” “c:\program files (x86)\common files\apple\internet services\applephotostreams.exe” “7/30/2014 6:24 PM” “”
“Autodesk Sync” “A360” “Autodesk, Inc.” “c:\program files\autodesk\autodesk sync\adsync.exe” “1/28/2015 2:00 AM” “”
“BlueStacks Agent” “BlueStacks Agent” “BlueStack Systems, Inc.” “c:\program files (x86)\bluestacks\hd-agent.exe” “7/21/2016 4:30 PM” “”
“CCleaner Monitoring” “CCleaner” “Piriform Ltd” “c:\program files\ccleaner\ccleaner64.exe” “11/15/2016 3:38 PM” “”
“Discord” “” “” “c:\users\ivan” “11/29/2016 2:51 PM” “”
“iCloudDrive” “iCloud Drive” “Apple Inc.” “c:\program files (x86)\common files\apple\internet services\iclouddrive.exe” “7/30/2014 6:24 PM” “”
“iCloudServices” “iCloud” “Apple Inc.” “c:\program files (x86)\common files\apple\internet services\icloudservices.exe” “7/30/2014 6:24 PM” “”
“OneDrive” “Microsoft OneDrive” “Microsoft Corporation” “c:\users\ivan reyes ortega\appdata\local\microsoft\onedrive\onedrive.e xe” “8/9/2016 2:30 PM” “”
“Spotify Web Helper” “SpotifyWebHelper” “Spotify Ltd” “c:\users\ivan reyes ortega\appdata\roaming\spotify\spotifywebhelper.ex e” “7/31/2015 6:01 AM” “”
“C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup” “” “” “” “10/1/2016 4:44 AM” “”
“GoPro Importer.lnk” “” “” “File not found: File” “” “”
“HP Digital Imaging Monitor.lnk” “HP Digital Imaging Monitor” “Hewlett-Packard Co.” “c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe” “4/29/2011 10:05 PM” “”
“C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup” “” “” “” “11/10/2016 10:51 AM” “”
“Monitor Ink Alerts - HP DeskJet 1110 series.lnk” “” “” “File not found: File” “” “”
“HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” “” “” “” “11/22/2016 1:47 PM” “”
“Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files\windows mail\winmail.exe” “7/15/2016 10:25 PM” “”
“Microsoft Windows Media Player” “” “” “File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe” “” “”
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components” “” “” “” “11/28/2016 1:54 PM” “”
“Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files\windows mail\winmail.exe” “7/15/2016 10:25 PM” “”
“HKLM\Software\Classes*\ShellEx\ContextMenuHandler s” “” “” “” “12/2/2016 10:43 AM” “”
“2.0 Zemana AntiMalware” “Zemana AntiMalware” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zamshellext64.dll” “9/29/2016 7:41 AM” “”
“9-lab Removal Tool” “9-lab Malware Removal Tool” “9-lab LLC” “c:\program files\9-lab\removal tool\shellext.dll” “2/10/2016 6:51 AM” “”
“AccExt” “Core Sync” “” “c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll” “10/25/2016 12:35 PM” “”
“AcShellExtension.AcContextMenuHandler” “AutoCAD Dwg common shell extension handler” “Autodesk” “c:\program files\common files\autodesk shared\acshellex\acshellextension.dll” “2/5/2015 10:29 PM” “”
“EPP” “Microsoft Security Client Shell Extension” “Microsoft Corporation” “c:\program files\windows defender\shellext.dll” “9/7/2016 12:50 AM” “”
“NP8ShellExtension” “Nitro Pro ShellExtension” “Nitro PDF” “c:\program files\common files\nitro\pro\8.0\npshellextension64.dll” “12/12/2012 6:09 AM” “”
“PhotoStreamsExt” “Apple Photostreams UI Shell Extension” “Apple Inc.” “c:\program files\common files\apple\internet services\shellstreams64.dll” “11/21/2014 5:07 PM” “”
“SugarSync” “SugarSync Explorer Shell Extensions” “SugarSync, Inc.” “c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll” “5/14/2012 1:39 PM” “”
“WinRAR” “WinRAR shell extension” “Alexander Roshal” “c:\program files (x86)\winrar\rarext64.dll” “2/15/2015 4:00 AM” “”
“WorkFolders” “” “” “c:\windows\syswow64\workfoldersshell.dll” “” “”
“HKLM\Software\Classes\Drive\ShellEx\ContextMenuHa ndlers” “” “” “” “12/2/2016 10:43 AM” “”
“9-lab Removal Tool” “9-lab Malware Removal Tool” “9-lab LLC” “c:\program files\9-lab\removal tool\shellext.dll” “2/10/2016 6:51 AM” “”
“EPP” “Microsoft Security Client Shell Extension” “Microsoft Corporation” “c:\program files\windows defender\shellext.dll” “9/7/2016 12:50 AM” “”
“HKLM\Software\Classes\AllFileSystemObjects\ShellE x\ContextMenuHandlers” “” “” “” “11/28/2016 11:52 PM” “”
“MBAMShlExt” “Malwarebytes Anti-Malware” “Malwarebytes” “c:\program files (x86)\malwarebytes anti-malware\mbamext.dll” “2/24/2016 1:14 PM” “”
“HKLM\Software\Classes\Directory\ShellEx\ContextMe nuHandlers” “” “” “” “12/2/2016 10:43 AM” “”
“9-lab Removal Tool” “9-lab Malware Removal Tool” “9-lab LLC” “c:\program files\9-lab\removal tool\shellext.dll” “2/10/2016 6:51 AM” “”
“EPP” “Microsoft Security Client Shell Extension” “Microsoft Corporation” “c:\program files\windows defender\shellext.dll” “9/7/2016 12:50 AM” “”
“WorkFolders” “” “” “c:\windows\syswow64\workfoldersshell.dll” “” “”
“HKLM\Software\Classes\Directory\Background\ShellE x\ContextMenuHandlers” “” “” “” “10/1/2016 4:19 AM” “”
“igfxDTCM” “igfxDTCM Module” “Intel Corporation” “c:\windows\system32\igfxdtcm.dll” “12/21/2015 3:45 PM” “”
“HKLM\Software\Classes\Folder\Shellex\ColumnHandle rs” “” “” “” “10/1/2016 4:32 AM” “”
“AcColumnHandler” “AutoCAD Dwg common shell extension handler” “Autodesk” “c:\program files\common files\autodesk shared\acshellex\acshellextension.dll” “2/5/2015 10:29 PM” “”
“HKLM\Software\Classes\Folder\ShellEx\ContextMenuH andlers” “” “” “” “12/2/2016 10:43 AM” “”
“2.0 Zemana AntiMalware” “Zemana AntiMalware” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zamshellext64.dll” “9/29/2016 7:41 AM” “”
“9-lab Removal Tool” “9-lab Malware Removal Tool” “9-lab LLC” “c:\program files\9-lab\removal tool\shellext.dll” “2/10/2016 6:51 AM” “”
“AccExt” “Core Sync” “” “c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll” “10/25/2016 12:35 PM” “”
“MBAMShlExt” “Malwarebytes Anti-Malware” “Malwarebytes” “c:\program files (x86)\malwarebytes anti-malware\mbamext.dll” “2/24/2016 1:14 PM” “”
“SugarSync” “SugarSync Explorer Shell Extensions” “SugarSync, Inc.” “c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll” “5/14/2012 1:39 PM” “”
“WinRAR” “WinRAR shell extension” “Alexander Roshal” “c:\program files (x86)\winrar\rarext64.dll” “2/15/2015 4:00 AM” “”
“HKLM\Software\Classes\Folder\ShellEx\DragDropHand lers” “” “” “” “10/1/2016 4:32 AM” “”
“WinRAR” “WinRAR shell extension” “Alexander Roshal” “c:\program files (x86)\winrar\rarext64.dll” “2/15/2015 4:00 AM” “”
“HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers” “” “” “” “11/29/2016 3:32 PM” “”
" AccExtIco1" “Core Sync” “” “c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll” “10/25/2016 12:35 PM” “”
" AccExtIco2" “Core Sync” “” “c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll” “10/25/2016 12:35 PM” “”
" AccExtIco3" “Core Sync” “” “c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll” “10/25/2016 12:35 PM” “”
“AutoCAD Digital Signatures Icon Overlay Handler” “AutoCAD component” “Autodesk, Inc.” “c:\windows\system32\acsignicon.dll” “2/5/2015 11:45 PM” “”
“SugarSyncBackedUp” “SugarSync Explorer Shell Extensions” “SugarSync, Inc.” “c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll” “5/14/2012 1:39 PM” “”
“SugarSyncPending” “SugarSync Explorer Shell Extensions” “SugarSync, Inc.” “c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll” “5/14/2012 1:39 PM” “”
“SugarSyncRoot” “SugarSync Explorer Shell Extensions” “SugarSync, Inc.” “c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll” “5/14/2012 1:39 PM” “”
“SugarSyncShared” “SugarSync Explorer Shell Extensions” “SugarSync, Inc.” “c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll” “5/14/2012 1:39 PM” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects” “” “” “” “11/28/2016 11:01 AM” “”
“{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}” “Java™ Platform SE binary” “Oracle Corporation” “c:\program files (x86)\java\jre1.8.0_51\bin\ssv.dll” “6/8/2015 9:34 PM” “”
“{DBC80044-A445-435b-BC74-9C25C1C588A9}” “Java™ Platform SE binary” “Oracle Corporation” “c:\program files (x86)\java\jre1.8.0_51\bin\jp2ssv.dll” “6/8/2015 9:34 PM” “”
“HKLM\Software\Microsoft\Internet Explorer\Extensions” “” “” “” “10/1/2016 4:33 AM” “”
“HP Smart Print” “SmartPrintSetup” “Hewlett-Packard” “c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe” “5/21/2014 5:24 AM” “”
“HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions” “” “” “” “10/1/2016 4:39 AM” “”
“&Blog This in Windows Live Writer” “Windows Live Writer Blog This Extension” “Microsoft Corporation” “c:\program files (x86)\windows live\writer\writerbrowserextension.dll” “4/1/2014 12:28 AM” “”
“HP Smart Print” “SmartPrintSetup” “Hewlett-Packard” “c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe” “5/21/2014 5:24 AM” “”
“Task Scheduler” “” “” “” “” “”
“\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe” “10/21/2016 9:56 PM” “”
“\Adobe Uninstaller” “Adobe Creative Cloud” “Adobe Systems Incorporated” “c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe” “10/25/2016 1:24 PM” “”
“\AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com” “Adobe Updater Startup Utility” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.e xe” “6/29/2016 3:29 AM” “”
“\Apple Diagnostics” “YSLoaderW.exe” “Apple Inc.” “c:\program files (x86)\common files\apple\internet services\ereporter.exe” “7/30/2014 6:24 PM” “”
“\Apple\AppleSoftwareUpdate” “Apple Software Update” “Apple Inc.” “c:\program files (x86)\apple software update\softwareupdate.exe” “2/23/2016 7:31 PM” “”
“\CCleanerSkipUAC” “CCleaner” “Piriform Ltd” “c:\program files\ccleaner\ccleaner.exe” “11/15/2016 3:34 PM” “”
“\Microsoft\Windows\ApplicationData\appuriverifier daily” “” “” “c:\windows\syswow64\apphostregistrationverifier.e xe” “” “”
“\Microsoft\Windows\CloudExperienceHost\CreateObje ctTask” “” “” “c:\windows\syswow64\cloudexperiencehostbroker.exe ” “” “”
“\Microsoft\Windows\Defrag\ScheduledDefrag” “” “” “c:\windows\syswow64\defrag.exe” “” “”
X “\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector” “” “” “c:\windows\syswow64\dfdts.dll” “” “”
“\Microsoft\Windows\DiskFootprint\Diagnostics” “” “” “c:\windows\syswow64\disksnapshot.exe” “” “”
“\Microsoft\Windows\DUSM\dusmtask” “” “” “c:\windows\syswow64\dusmtask.exe” “” “”
“\Microsoft\Windows\Feedback\Siuf\DmClient” “” “” “c:\windows\syswow64\dmclient.exe” “” “”
“\Microsoft\Windows\Multimedia\Manager” “” “” “c:\users\ivan” “11/29/2016 2:51 PM” “”
“\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “7/16/2016 7:42 AM” “”
“\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers” “” “” “c:\windows\syswow64\drvinst.exe” “” “”
X “\Microsoft\Windows\SharedPC\Account Cleanup” “” “” “c:\windows\syswow64\windows.sharedpc.accountmanag er.dll” “” “”
“\Microsoft\Windows\Time Zone\SynchronizeTimeZone” “” “” “c:\windows\syswow64\tzsync.exe” “” “”
“\Microsoft\Windows\UpdateOrchestrator\MusUx_Updat eInterval” “” “” “c:\windows\syswow64\musnotification.exe” “” “”
“\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance” “Microsoft Malware Protection Command Line Utility” “Microsoft Corporation” “c:\program files\windows defender\mpcmdrun.exe” “7/15/2016 10:23 PM” “”
“\Microsoft\Windows\Windows Defender\Windows Defender Cleanup” “Microsoft Malware Protection Command Line Utility” “Microsoft Corporation” “c:\program files\windows defender\mpcmdrun.exe” “7/15/2016 10:23 PM” “”
“\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan” “Microsoft Malware Protection Command Line Utility” “Microsoft Corporation” “c:\program files\windows defender\mpcmdrun.exe” “7/15/2016 10:23 PM” “”
“\Microsoft\Windows\Windows Defender\Windows Defender Verification” “Microsoft Malware Protection Command Line Utility” “Microsoft Corporation” “c:\program files\windows defender\mpcmdrun.exe” “7/15/2016 10:23 PM” “”
“\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “7/15/2016 10:25 PM” “”
“\Microsoft\Windows\WindowsUpdate\sih” “” “” “c:\windows\syswow64\sihclient.exe” “” “”
X “\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join” “” “” “File not found: C:\WINDOWS\System32\AutoWorkplace.exe” “” “”
“\MirageAgent” “YouCam Mirage” “CyberLink” “c:\program files (x86)\lenovo\youcam\ycmmirage.exe” “6/29/2010 12:05 AM” “”
“\OneDrive Standalone Update Task” “Standalone Updater” “Microsoft Corporation” “c:\users\ivan reyes ortega\appdata\local\microsoft\onedrive\17.3.6517. 0809\onedrivestandaloneupdater.exe” “8/9/2016 2:20 PM” “”
“{7C134AF1-A52C-45FB-A769-590205637799}” “Internet Explorer” “Microsoft Corporation” “c:\program files\internet explorer\iexplore.exe” “7/15/2016 10:17 PM” “”
“HKLM\System\CurrentControlSet\Services” “” “” “” “12/6/2016 7:34 AM” “”
“AdAppMgrSvc” “Autodesk Application Manager Service” “Autodesk Inc.” "c:\program files (x86)\common files\autodesk shared\appmanager\r1\adappmgrsvc.exe " “12/4/2014 10:06 PM” “”
“AdobeARMservice” “Adobe Acrobat Updater keeps your Adobe software up to date.” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe” “10/21/2016 9:55 PM” “”
“AdobeUpdateService” “Adobe Update Service” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe” “10/25/2016 1:23 PM” “”
“AGSService” “Adobe Genuine Software Integrity Service” “Adobe Systems, Incorporated” “c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe” “9/26/2016 8:45 AM” “”
“Apple Mobile Device Service” “Provides the interface to Apple mobile devices.” “Apple Inc.” “c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe” “2/12/2015 11:18 PM” “”
“Autodesk Content Service” “Autodesk Content Service” “Autodesk, Inc.” “c:\program files\autodesk\content service\connect.service.contentservice.exe” “2/6/2015 12:00 AM” “”
“BcmBtRSupport” “Manages BTW drivers.” “Broadcom Corporation.” “c:\windows\system32\btwrsupportservice.exe” “10/21/2013 3:41 PM” “”
“Bonjour Service” “Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.” “Apple Inc.” “c:\program files\bonjour\mdnsresponder.exe” “8/12/2015 6:47 PM” “”
“BstHdAndroidSvc” “BlueStacks Service” “BlueStack Systems, Inc.” “c:\program files (x86)\bluestacks\hd-service.exe” “7/21/2016 4:28 PM” “”
“BstHdLogRotatorSvc” “BlueStacks Log Rotator Service” “BlueStack Systems, Inc.” “c:\program files (x86)\bluestacks\hd-logrotatorservice.exe” “7/21/2016 4:29 PM” “”
“BstHdPlusAndroidSvc” “BlueStacks Service” “BlueStack Systems, Inc.” “c:\program files (x86)\bluestacks\hd-plus-service.exe” “7/21/2016 4:26 PM” “”
“cphs” “Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW” “Intel Corporation” “c:\windows\syswow64\intelcphecisvc.exe” “6/13/2013 7:35 PM” “”
“CryptSvc” “Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.” “” “c:\windows\syswow64\cryptsvc.dll” “” “”
“DACoreService” “Dragon Assistant Core Recognition Service” “Nuance Communications, Inc.” “c:\program files (x86)\nuance\dragon assistant\core\dacore.exe” “2/22/2013 4:04 PM” “”
“Dashboard Service” “Lenovo Dashboard Service” “Microsoft” “c:\program files (x86)\lenovo\lenovo dashboard\ddmgr.exe” “7/4/2012 4:44 AM” “”
“DsmSvc” “Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.” “” “c:\windows\syswow64\devicesetupmanager.dll” “” “”
“EpsonScanSvc” “Epson Scanner Service (64bit)” “Seiko Epson Corporation” “c:\windows\system32\escsvc64.exe” “5/17/2012 7:12 AM” “”
“Everything” “Everything” “” “c:\program files\everything\everything.exe” “8/5/2014 9:04 PM” “”
“FlexNet Licensing Service 64” “This service performs licensing functions on behalf of FlexNet enabled products.” “Flexera Software LLC” “c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe” “9/2/2014 7:05 AM” “”
“Garmin Device Interaction Service” “Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date.” “Garmin Ltd. or its subsidiaries” “c:\program files (x86)\garmin\device interaction service\garminservice.exe” “11/29/2016 3:43 PM” “”
“GoProDeviceDetectionService” “Monitors GoPro devices.” “” “c:\program files\gopro\gopro desktop app\goprodevicedetection.exe” “10/11/2016 7:35 PM” “”
“Hamachi2Svc” “Hamachi Client Tunneling Engine” “LogMeIn Inc.” “c:\program files (x86)\logmein hamachi\x64\hamachi-2.exe” “11/11/2016 8:46 AM” “”
“hpqcxs08” “HP CUE Context Manager Objects” “Hewlett-Packard Co.” “c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll” “9/1/2011 2:24 PM” “”
“hpqddsvc” “This service detects and monitors CUE devices on the system.” “Hewlett-Packard Co.” “c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll” “4/29/2011 5:22 PM” “”
“HPSLPSVC” “Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable” “Hewlett-Packard Co.” “c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll” “8/18/2011 4:29 AM” “”
“HPSupportSolutionsFrameworkService” “This service allows for the detection of HP products and enables identification of support solutions for detected products.” “Hewlett-Packard Company” “c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice .exe” “12/17/2013 12:42 PM” “”
“IAStorDataMgrSvc” “Provides storage event notification and manages communication between the storage driver and user space applications.” “Intel Corporation” “c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe” “1/16/2013 12:41 PM” “”
“IdeaTouch.LocalDataServer.Education” “IdeaTouchDataServer.EducationPortal” “Microsoft” “c:\program files (x86)\lenovo\educationportal\services\ideatouch.lo caldataserver.education.exe” “5/16/2012 11:30 PM” “”
“IdeaTouch.LocalDataServer.Game” “IdeaTouchDataServer.GamePortal” “Microsoft” “c:\program files (x86)\lenovo\gameportal\services\ideatouch.localda taserver.game.exe” “5/17/2012 2:18 AM” “”
“IDriverT” “Provides support for the Running Object Table for InstallShield Drivers” “Macrovision Corporation” “c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe” “4/4/2005 1:41 AM” “”
“igfxCUIService1.0.0.0” “Service for Intel(R) HD Graphics Control Panel” “Intel Corporation” “c:\windows\system32\igfxcuiservice.exe” “12/21/2015 3:43 PM” “”
“Intel(R) Capability Licensing Service Interface” “Version: 1.24.388.1” “Intel(R) Corporation” “c:\program files\intel\icls client\heciserver.exe” “4/20/2012 8:16 AM” “”
“Intel(R) ME Service” “Intel® Manageability Engine Service (Intel® ME Service)” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe” “6/27/2012 3:39 PM” “”
“iphlpsvc” “Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.” “” “c:\windows\syswow64\iphlpsvc.dll” “” “”
“iPod Service” “iPod hardware management services” “Apple Inc.” “c:\program files\ipod\bin\ipodservice.exe” “7/26/2016 3:26 PM” “”
“iumsvc” “Intel(R) Update Manager helps you keep your system up-to-date.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) update manager\bin\iumsvc.exe” “7/1/2015 7:03 PM” “”
“jhi_service” “Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe” “6/25/2012 1:43 PM” “”
“LMIGuardianSvc” “Support LogMeIn processes with quality assurance feedback” “LogMeIn, Inc.” “c:\program files (x86)\logmein hamachi\x64\lmiguardiansvc.exe” “5/27/2016 9:03 AM” “”
“LMS” “Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe” “6/25/2012 1:36 PM” “”
“Net Driver HPZ12” “Dot4Net Module” “Hewlett-Packard” “c:\windows\system32\hpzinw12.dll” “8/6/2010 1:45 AM” “”
“NitroDriverReadSpool8” “Nitro PDF Driver Read Spool 8” “Nitro PDF Software” “c:\program files\common files\nitro\pro\8.0\nitropdfdriverservice8x64.exe” “12/12/2012 6:16 AM” “”
“nlsX86cc” “Nalpeiron Licensing Service” “Nalpeiron Ltd.” “c:\windows\syswow64\nlssrv32.exe” “11/8/2012 9:20 PM” “”
“Pml Driver HPZ12” “PmlDrv Module” “Hewlett-Packard” “c:\windows\system32\hpzipm12.dll” “8/6/2010 1:45 AM” “”
“SkypeUpdate” “Enables the detection, download and installation of updates for Skype.” “Skype Technologies” “c:\program files (x86)\skype\updater\updater.exe” “9/20/2016 8:51 AM” “”
“ss_conn_service” “MSS CS Connectivity Service” “DEVGURU Co., LTD.” “c:\program files (x86)\samsung\usb drivers\25_escape\conn\ss_conn_service.exe” “10/1/2014 2:23 AM” “”
“Steam Client Service” “Steam Client Service monitors and updates Steam content” “Valve Corporation” “c:\program files (x86)\common files\steam\steamservice.exe” “10/12/2016 8:47 PM” “”
“SwitchBoard” “Adobe SwitchBoard” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\switchboard\switchboard.exe” “2/19/2010 4:50 PM” “”
“UNS” “Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe” “6/25/2012 1:38 PM” “”
“vmictimesync” “Synchronizes the system time of this virtual machine with the system time of the physical computer.” “” “c:\windows\syswow64\icsvc.dll” “” “”
“WdNisSvc” “Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols” “Microsoft Corporation” “c:\program files\windows defender\nissrv.exe” “7/15/2016 10:24 PM” “”
“WinDefend” “Helps protect users from malware and other potentially unwanted software” “Microsoft Corporation” “c:\program files\windows defender\msmpeng.exe” “7/15/2016 10:27 PM” “”
“WMPNetworkSvc” “Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play” “Microsoft Corporation” “c:\program files\windows media player\wmpnetwk.exe” “9/7/2016 12:41 AM” “”
“wuauserv” “Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.” “” “c:\windows\syswow64\wuaueng.dll” “” “”
“ZAMSvc” “ZAM” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zam.exe” “11/22/2016 8:24 AM” “”
“HKLM\System\CurrentControlSet\Services” “” “” “” “12/6/2016 7:34 AM” “”
“3ware” “LSI 3ware SCSI Storport Driver” “LSI” “c:\windows\system32\drivers\3ware.sys” “5/18/2015 6:28 PM” “”
“ADP80XX” “PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller” “PMC-Sierra” “c:\windows\system32\drivers\adp80xx.sys” “4/9/2015 4:49 PM” “”
“amdsata” “AHCI 1.3 Device Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdsata.sys” “5/14/2015 8:14 AM” “”
“amdsbs” “” “” “c:\windows\syswow64\drivers\amdsbs.sys” “” “”
“amdxata” “Storage Filter Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdxata.sys” “4/30/2015 8:55 PM” “”
“arcsas” “Adaptec SAS RAID WS03 Driver” “PMC-Sierra, Inc.” “c:\windows\system32\drivers\arcsas.sys” “4/9/2015 3:12 PM” “”
“atapi” “” “” “c:\windows\syswow64\drivers\atapi.sys” “” “”
“b06bdrv” “QLogic Gigabit Ethernet VBD” “QLogic Corporation” “c:\windows\system32\drivers\bxvbda.sys” “5/25/2016 3:03 AM” “”
“bcbtums” “Broadcom Bluetooth Firmware Download Filter” “Broadcom Corporation.” “c:\windows\system32\drivers\bcbtums.sys” “3/23/2015 5:31 PM” “”
“bcmfn” “BCM Function 2 Device Driver” “Windows (R) Win 7 DDK provider” “c:\windows\system32\drivers\bcmfn.sys” “6/8/2015 4:32 AM” “”
“bcmfn2” “BCM Function 2 Device Driver” “Windows (R) Win 7 DDK provider” “c:\windows\system32\drivers\bcmfn2.sys” “3/16/2014 6:07 AM” “”
“BstHdDrv” “BlueStacks Hypervisor for amd64” “BlueStack Systems” “c:\program files (x86)\bluestacks\hd-hypervisor-amd64.sys” “7/21/2016 4:28 PM” “”
“BstkDrv” “Bluestacks Support Driver” "Bluestack System Inc. " “c:\program files (x86)\bluestacks\bstkdrv.sys” “5/9/2016 6:25 AM” “”
“BTHMODEM” “” “” “c:\windows\syswow64\drivers\bthmodem.sys” “” “”
“btwampfl” “@oem30.inf,%btwampfl.ServiceDescription%;btwampfl Bluetooth filter driver” “Broadcom Corporation.” “c:\windows\system32\drivers\btwampfl.sys” “3/23/2015 5:30 PM” “”
“cht4iscsi” “Chelsio iSCSI VMiniport Driver” “Chelsio Communications” “c:\windows\system32\drivers\cht4sx64.sys” “4/20/2016 5:54 AM” “”
“cht4vbd” “Virtual Bus Driver for Chelsio ® T4 Chipset” “Chelsio Communications” “c:\windows\system32\drivers\cht4vx64.sys” “4/15/2016 3:32 AM” “”
“dg_ssudbus” “SAMSUNG USB Composite Device Driver” “Samsung Electronics Co., Ltd.” “c:\windows\system32\drivers\ssudbus.sys” “8/24/2016 4:00 AM” “”
“DrvAgent64” “DriverAgent Direct I/O for 64-bit Windows” “Phoenix Technologies” “c:\windows\syswow64\drivers\drvagent64.sys” “12/14/2009 6:23 AM” “”
“ebdrv” “” “” “c:\windows\syswow64\drivers\evbda.sys” “” “”
“GEARAspiWDM” “CD DVD Filter” “GEAR Software Inc.” “c:\windows\system32\drivers\gearaspiwdm.sys” “5/3/2012 3:56 PM” “”
“Hamachi” “LogMeIn Hamachi Virtual Miniport Driver” “LogMeIn Inc.” “c:\windows\system32\drivers\hamdrv.sys” “3/30/2015 9:28 AM” “”
“HpSAMD” “Smart Array SAS/SATA Controller Media Driver” “Hewlett-Packard Company” “c:\windows\system32\drivers\hpsamd.sys” “3/26/2013 5:36 PM” “”
“iagpio” “Intel(R) Serial IO GPIO Controller Driver” “Intel(R) Corporation” “c:\windows\system32\drivers\iagpio.sys” “2/18/2016 3:35 AM” “”
“iai2c” “Intel(R) Serial IO I2C Driver” “Intel(R) Corporation” “c:\windows\system32\drivers\iai2c.sys” “9/22/2015 2:53 AM” “”
“iaLPSS2i_GPIO2” “Intel(R) Serial IO GPIO Driver v2” “Intel Corporation” “c:\windows\system32\drivers\ialpss2i_gpio2.sys” “3/2/2016 10:06 PM” “”
“iaLPSS2i_I2C” “Intel(R) Serial IO I2C Driver v2” “Intel Corporation” “c:\windows\system32\drivers\ialpss2i_i2c.sys” “3/2/2016 10:06 PM” “”
“iaLPSSi_GPIO” “Intel(R) Serial IO GPIO Controller Driver” “Intel Corporation” “c:\windows\system32\drivers\ialpssi_gpio.sys” “2/2/2015 5:00 AM” “”
“iaLPSSi_I2C” “Intel(R) Serial IO I2C Controller Driver” “Intel Corporation” “c:\windows\system32\drivers\ialpssi_i2c.sys” “2/24/2015 11:52 AM” “”
“iaStorA” “Intel Rapid Storage Technology driver - x64” “Intel Corporation” “c:\windows\system32\drivers\iastora.sys” “1/14/2013 2:00 PM” “”
“iaStorAV” “Intel(R) Rapid Storage Technology driver (inbox) - x64” “Intel Corporation” “c:\windows\system32\drivers\iastorav.sys” “2/19/2015 8:08 AM” “”
“iaStorV” “Intel Matrix Storage Manager driver - x64” “Intel Corporation” “c:\windows\system32\drivers\iastorv.sys” “4/11/2011 2:48 PM” “”
“ibbus” “InfiniBand Fabric Bus Driver” “Mellanox” “c:\windows\system32\drivers\ibbus.sys” “4/10/2016 9:46 AM” “”
“igfx” “Intel Graphics Kernel Mode Driver” “Intel Corporation” “c:\windows\system32\drivers\igdkmd64.sys” “12/21/2015 3:46 PM” “”
“intaud_WaveExtensible” “Intel® WiDi Solution” “Intel Corporation” “c:\windows\system32\drivers\intelaud.sys” “7/8/2015 6:17 PM” “”
“IntcAzAudAddService” “Realtek(r) High Definition Audio Function Driver” “Realtek Semiconductor Corp.” “c:\windows\system32\drivers\rtkvhd64.sys” “7/31/2012 5:46 AM” “”
“IntcDAud” “Intel(R) Display Audio Driver” “Intel(R) Corporation” “c:\windows\system32\drivers\intcdaud.sys” “9/9/2014 8:13 AM” “”
“iwdbus” “Intel® WiDi Solution” “Intel Corporation” “c:\windows\system32\drivers\iwdbus.sys” “11/19/2015 7:37 PM” “”
“libusb0” “LibUSB-Win32 - Kernel Driver” " http://libusb-win32.sourceforge.net " “c:\windows\system32\drivers\libusb0.sys” “4/8/2011 6:29 PM” “”
“LSI_SAS” “LSI Fusion-MPT SAS Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas.sys” “3/25/2015 3:36 PM” “”
“LSI_SAS2i” “LSI SAS Gen2 Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas2i.sys” “3/28/2016 2:49 PM” “”
“LSI_SAS3i” “Avago SAS Gen3 Driver (StorPort)” “Avago Technologies” “c:\windows\system32\drivers\lsi_sas3i.sys” “3/28/2016 2:49 PM” “”
“LSI_SSS” “LSI SSS PCIe/Flash Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sss.sys” “3/15/2013 7:39 PM” “”
“megasas” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\megasas.sys” “3/4/2015 10:36 PM” “”
“megasas2i” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\megasas2i.sys” “7/22/2016 5:36 PM” “”
“megasr” “LSI MegaRAID Software RAID Driver” “LSI Corporation, Inc.” “c:\windows\system32\drivers\megasr.sys” “6/3/2013 6:02 PM” “”
“MEIx64” “Intel(R) Management Engine Interface” “Intel Corporation” “c:\windows\system32\drivers\hecix64.sys” “7/2/2012 6:14 PM” “”
“mlx4_bus” “MLX4 Bus Driver” “Mellanox” “c:\windows\system32\drivers\mlx4_bus.sys” “4/10/2016 9:49 AM” “”
“mouclass” “” “” “c:\windows\syswow64\drivers\mouclass.sys” “” “”
“mrxsmb10” “Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers” “” “c:\windows\syswow64\drivers\mrxsmb10.sys” “” “”
“mrxsmb20” “Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers” “” “c:\windows\syswow64\drivers\mrxsmb20.sys” “” “”
“mvumis” “Marvell Flash Controller Driver” “Marvell Semiconductor, Inc.” “c:\windows\system32\drivers\mvumis.sys” “5/23/2014 4:39 PM” “”
“NativeWifiP” “” “” “c:\windows\syswow64\drivers\nwifi.sys” “” “”
“ndfltr” “NetworkDirect Support Filter Driver” “Mellanox” “c:\windows\system32\drivers\ndfltr.sys” “4/10/2016 9:46 AM” “”
“Ndisuio” “” “” “c:\windows\syswow64\drivers\ndisuio.sys” “” “”
“NetAdapterCx” “” “” “c:\windows\syswow64\drivers\netadaptercx.sys” “” “”
“nvraid” “NVIDIA® nForce™ RAID Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvraid.sys” “4/21/2014 2:28 PM” “”
“nvstor” “NVIDIA® nForce™ Sata Performance Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvstor.sys” “4/21/2014 2:34 PM” “”
“percsas2i” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\percsas2i.sys” “3/14/2016 8:50 PM” “”
“percsas3i” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\percsas3i.sys” “3/4/2016 5:22 PM” “”
“RasPppoe” “Remote Access PPPOE Driver” “” “c:\windows\syswow64\drivers\raspppoe.sys” “” “”
“RSP2STOR” “Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8” “Realtek Semiconductor Corp.” “c:\windows\system32\drivers\rtsp2stor.sys” “5/15/2015 3:44 AM” “”
“rt640x64” "Realtek 8136/8168/8169 NDIS 6.40 64-bit Driver " "Realtek " “c:\windows\system32\drivers\rt640x64.sys” “1/21/2016 4:17 AM” “”
“RtlWlanu_OldIC” “Realtek WLAN USB NDIS Driver 28199” "Realtek Semiconductor Corporation " “c:\windows\system32\drivers\rtwlanu_oldic.sys” “4/20/2016 9:43 PM” “”
“scmbus” “” “” “c:\windows\syswow64\drivers\scmbus.sys” “” “”
“SiSRaid2” “SiS RAID Stor Miniport Driver” “Silicon Integrated Systems Corp.” “c:\windows\system32\drivers\sisraid2.sys” “9/24/2008 2:28 PM” “”
“SiSRaid4” “SiS AHCI Stor-Miniport Driver” “Silicon Integrated Systems” “c:\windows\system32\drivers\sisraid4.sys” “10/1/2008 5:56 PM” “”
“ssudmdm” “@oem24.inf,%ssud.Service.Desc%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)” “Samsung Electronics Co., Ltd.” “c:\windows\system32\drivers\ssudmdm.sys” “8/24/2016 4:00 AM” “”
“stexstor” “Promise SuperTrak EX Series Driver for Windows x64” “Promise Technology, Inc.” “c:\windows\system32\drivers\stexstor.sys” “11/26/2012 8:02 PM” “”
“Tcpip” “TCP/IP Protocol Driver” “” “c:\windows\syswow64\drivers\tcpip.sys” “” “”
“UrsChipidea” “” “” “c:\windows\syswow64\drivers\urschipidea.sys” “” “”
“usbcir” “” “” “c:\windows\syswow64\drivers\usbcir.sys” “” “”
“usbser” “” “” “c:\windows\syswow64\drivers\usbser.sys” “” “”
“vdrvroot” “” “” “c:\windows\syswow64\drivers\vdrvroot.sys” “” “”
“VMC412” “” “” “c:\windows\syswow64\drivers\vmc412.sys” “” “”
“vsmraid” “VIA RAID DRIVER FOR AMD-X86-64” “VIA Technologies Inc.,Ltd” “c:\windows\system32\drivers\vsmraid.sys” “4/22/2014 3:21 PM” “”
“VSTXRAID” “VIA StorX RAID Controller Driver” “VIA Corporation” “c:\windows\system32\drivers\vstxraid.sys” “1/21/2013 3:00 PM” “”
“WinMad” “Kernel WinMad” “Mellanox” “c:\windows\system32\drivers\winmad.sys” “4/10/2016 9:46 AM” “”
“WinVerbs” “Kernel WinVerbs” “Mellanox” “c:\windows\system32\drivers\winverbs.sys” “4/10/2016 9:46 AM” “”
“Wof” “” “” “c:\windows\syswow64\drivers\wof.sys” “” “”
“wsvd” “CyberLink Virtual Disk Driver” "“CyberLink” “c:\windows\system32\drivers\wsvd.sys” “6/13/2012 5:10 AM” “”
“ZAM” “ZAM” “Zemana Ltd.” “c:\windows\system32\drivers\zam64.sys” “8/17/2016 1:06 PM” “”
“ZAM_Guard” “ZAM” “Zemana Ltd.” “c:\windows\system32\drivers\zamguard64.sys” “8/17/2016 1:06 PM” “”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers” “” “” “” “10/1/2016 4:17 AM” “”
“Adobe Type Manager” “Windows NT OpenType/Type 1 Font Driver” “Adobe Systems Incorporated” “c:\windows\system32\atmfd.dll” “11/2/2016 6:31 AM” “”
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “11/13/2016 3:48 PM” “”
“msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codeca.acm” “7/15/2016 10:26 PM” “”
“VIDC.CFHD” “CineForm VFW CODEC” “CineForm Inc.” “c:\windows\system32\cfhd.dll” “9/15/2016 3:48 PM” “”
“VIDC.LAGS” “Lagarith” " " “c:\windows\system32\lagarith.dll” “12/7/2011 8:37 PM” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “11/13/2016 3:48 PM” “”
“msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\syswow64\l3codeca.acm” “7/15/2016 9:41 PM” “”
“VIDC.CFHD” “CineForm VFW CODEC” “CineForm Inc.” “c:\windows\syswow64\cfhd.dll” “9/15/2016 3:46 PM” “”
“vidc.cvid” “Cinepak® Codec” “Radius Inc.” “c:\windows\syswow64\iccvid.dll” “7/15/2016 9:42 PM” “”
“VIDC.FMVC” “FM Screen Capture Codec (VFW)” “Fox Magic Software” “c:\windows\syswow64\fmcodec.dll” “6/12/2005 10:29 AM” “”
“VIDC.LAGS” “Lagarith” " " “c:\windows\syswow64\lagarith.dll” “12/7/2011 8:32 PM” “”
“HKLM\Software\Wow6432Node\Classes\CLSID{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance” “” “” “” “11/13/2016 3:47 PM” “”
“{080D0809-7456-4FBC-8493-0D2BF99EA48C}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{080D11FB-A303-4514-88FE-7DDA4DFE9E4B}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{080D1473-5FEA-4029-875C-53EE96549ACC}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{080D588E-9756-455B-BBDA-E8BCF9EC7769}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{080D5974-4B61-458B-921B-17628E423713}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{080DEAB4-60D9-4792-98A5-60A0F6A9ACF7}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{080DFEE8-4097-4BAB-B7A7-1B11F4958213}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{09C8D515-5C6A-434D-AD92-FEF7EB153310}” "CyberLink MPEG Video Encoder " "CyberLink Corp. " “c:\program files (x86)\lenovo\power2go\p2gvidenc.ax” “10/26/2005 7:41 AM” “”
“{09FA6191-EB28-4368-9701-A264F9487BDB}” “” “” “c:\program files (x86)\gopro\tools\cfvideochange.ax” “9/15/2016 4:02 PM” “”
“{0BD8F1CE-5F36-4A2B-B8E6-B3466F8EF8C2}” “” “” “c:\program files (x86)\gopro\tools\cftempochange.ax” “9/15/2016 3:52 PM” “”
“{0F5D4CE4-2166-4FF7-9AA1-91330D35978A}” “Bytescout Virtual Camera Filter acts like a video capture source.” “Bytescout” “c:\windows\syswow64\bytescoutscreencapturingfilte r.dll” “3/10/2015 1:25 PM” “”
“{11A947C3-BABC-466E-A678-1FFEC95EB2F8}” “CyberLink MP3 Wrapper” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gmp3wrap.ax” “1/13/2008 10:30 PM” “”
“{15C2BA5D-111A-4139-82A4-21A36546C8B4}” “CyberLink AudioCD Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gaudiocd.ax” “1/21/2008 6:35 AM” “”
“{1986FDCF-F657-4866-A83C-998B943A6321}” “CyberLink Audio Wizard Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\audiofilter\claudwizard.ax ” “8/14/2009 9:26 AM” “”
“{1B5715C6-3EBD-47BF-830A-4C91A6B5E0EE}” “” “” “c:\program files (x86)\gopro\tools\wafian.qtmux.dll” “9/15/2016 3:28 PM” “”
“{1C4F9736-ED6B-4303-8014-FCBEBFF0A0AA}” “” “” “c:\program files (x86)\gopro\tools\cfencoder2.ax” “9/15/2016 3:39 PM” “”
“{1D5BE324-AC17-482F-9070-234EB529AE12}” “Audio Data” “Viscom Software” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudiodata.dll” “12/2/2006 9:55 AM” “”
“{1EF9EBC1-1CF9-4D4F-A4D2-93FC9AA5E0C7}” “” “” “c:\program files (x86)\gopro\tools\cfencoderraw.ax” “7/2/2015 7:13 PM” “”
“{1FFBD0F1-80CD-4452-8AC4-8FBEED892AFD}” “CES Kernel” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gedtkrn.dll” “5/3/2007 2:18 AM” “”
“{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1}” “CyberLink Line21 Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clline21.ax” “7/23/2009 10:21 PM” “”
“{2AF76B80-2BDA-4731-932D-3FCFA9276B11}” “CyberLink DVD Navigation Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\navfilter\clnavx.ax” “2/2/2012 8:46 AM” “”
“{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F}” “CyberLink AudioCD Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\audiofilter\claudiocd.ax” “6/23/2009 10:00 AM” “”
“{2E9126B1-53F9-4312-B21D-035455BFC80F}” “” “” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomspeaker.dll” “6/20/2012 7:12 AM” “”
“{3484F78F-F8CE-4CF3-914F-10F1A76BF0D5}” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gvsd.ax” “11/16/2011 4:43 AM” “”
“{35F0AE98-673B-465F-A4D6-9F18A01F2454}” “CyberLink Matroska Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\navfilter\clmkvsplter.ax” “7/2/2010 5:20 AM” “”
“{36F74DF0-12FF-4881-8A55-E7CE4D12688E}” “CLAuTS.ax” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\audiofilter\clauts.ax” “10/3/2010 11:39 PM” “”
“{38A6AC0C-4B7C-4922-8ADC-D22C55B86666}” “CyberLink RealMedia Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\navfilter\clrmsplitter.ax” “5/6/2010 5:42 AM” “”
“{3A555849-2398-4D61-9B88-CA43CC659585}” “” “” “c:\program files (x86)\gopro\tools\jpegs2stream.dll” “9/15/2016 3:51 PM” “”
“{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99}” “” “Viscom Software” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomwave.dll” “8/18/2003 1:31 AM” “”
“{4407F28D-97C2-41C5-A23F-2FAE465CE7BB}” “Bytescout Video Mixer Filter mixes two video streams into one.” “Bytescout” “c:\windows\syswow64\bytescoutvideomixerfilter.dll ” “3/10/2015 1:26 PM” “”
“{473FA820-DC78-4E38-9F13-7AAB9B26092F}” “Wave Form” “Viscom Software www.viscomsoft.com” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomwaveform.dll” “12/7/2008 12:19 PM” “”
“{4814F96F-AA42-495B-B6CD-04502698DEED}” “CLRGL” “Cyberlink” “c:\program files (x86)\lenovo\power2go\p2grgl.ax” “9/28/2005 6:42 AM” “”
“{49C53741-6362-47C9-90BE-CCB767141222}” “CyberLink Audio Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gaud.ax” “12/1/2006 1:59 AM” “”
“{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\navfilter\clsplter.ax” “10/8/2010 4:23 AM” “”
“{4FCE4216-5C59-453B-894D-3E7569C6062F}” “Audio Encoder” “Viscom Software” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudioencoder.dll” “11/11/2006 9:38 AM” “”
“{501099E1-5C05-4ED3-B0CB-371F97F5412C}” “CyberLink Audio Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\audiofilter\claud.ax” “5/22/2012 4:03 AM” “”
“{516F1EFA-42F4-436E-801C-B752EB9343EB}” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clvsd.ax” “1/5/2011 7:11 AM” “”
“{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E}” “CLHBMixer” " " “c:\program files (x86)\lenovo\powerdvd10\audiofilter\clhbmixer.ax” “4/11/2012 6:03 AM” “”
“{53CAF9E4-0048-4CF5-A624-C11083C641C6}” “CLVidFx” “CyberLink” “c:\program files (x86)\lenovo\power2go\p2gvidfx.ax” “8/30/2005 12:01 AM” “”
“{55CB3F70-42A2-4B2D-BA9C-040059B124B2}” “” “” “c:\program files (x86)\gopro\tools\h264lpcmmovmux.dll” “9/15/2016 3:52 PM” “”
“{572E539F-D5D0-4AE9-BF0F-7110DC817EAE}” “viscomaudio.dll” “Viscom Software www.viscomsoft.com” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudio.dll” “12/8/2008 10:25 AM” “”
“{5E479EF1-9BDB-42AA-B273-6004D83C9212}” “CLAuNR” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gaunrwrapper.ax” “10/16/2005 10:34 PM” “”
“{5EFC04B3-68C0-4BFF-8BD4-61037272D70D}” “CyberLink Audio Effect Filter” “CyberLink Corporation” “c:\program files (x86)\lenovo\powerdvd10\audiofilter\claudfx.ax” “12/25/2009 4:54 AM” “”
“{61665621-5523-11D4-A717-80E5A24FE52B}” “CLImage” “CyberLink” “c:\program files (x86)\cyberlink\shared files\climage.ax” “11/7/2006 12:16 AM” “”
“{6263C176-0876-4B04-8DE0-44AB74489D72}” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gm2spliter.ax” “12/3/2007 11:10 PM” “”
“{66855507-19B6-45B0-A83A-78178247CADC}” “CyberLink Audio Volume Booster Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gvb.ax” “10/8/2004 4:36 AM” “”
“{6E0EED5F-4B78-455F-B688-073E3E5D1079}” “Cyberlink File Dump Dispatch Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gdumpdispatch.ax” “12/12/2003 3:01 AM” “”
“{6F5BAD7B-9AE3-4937-B0B2-4CD4672523F7}” “” “” “c:\program files (x86)\gopro\tools\qtdemux.dll” “9/15/2016 3:28 PM” “”
“{74CFD057-E3A4-4352-8357-477084086D4B}” “viscomaudioprocess.dll” “” “c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudioprocess.dll” “6/9/2012 1:31 AM” “”
“{74DA3201-9816-42E9-88F6-8E0B72E639E0}” “CLAuRsmpl.ax” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gaursmpl.ax” “2/24/2005 10:41 PM” “”
“{781C76F5-5F6B-4F84-A987-FE6063313925}” “Photo Gallery Video Acquisition Filters” “Microsoft Corporation” “c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll” “4/1/2014 12:27 AM” “”
“{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A}” “DigestFilter Dynamic Link Library” “” “c:\program files (x86)\lenovo\powerdvd10\digestfilter.dll” “4/28/2010 8:54 AM” “”
“{7D9070AB-371A-4614-A964-D21BDFE1030B}” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gm1spliter.ax” “12/3/2007 11:11 PM” “”
“{8BF03152-F394-4C94-A2EB-44D6B80C9E91}” “CLSubTitle.ax” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clsubtitle.ax” “6/23/2011 3:22 AM” “”
“{8C56B364-6CD9-4907-B5C1-30A4B03D35B8}” “Cyberlink MPEG File Reader” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2greader.ax” “6/15/2003 11:35 PM” “”
“{8D508C0D-E1C3-4C85-A7B6-7B5CD4392105}” “CLM2VWriter” “CyberLink” “c:\program files (x86)\lenovo\power2go\p2gm2vwriter.ax” “8/17/2005 10:45 AM” “”
“{8DA364BE-DF1D-43F9-9A86-CC06F53C082C}” “Intel® Media SDK AAC Decoder” “Intel Corporation” “c:\program files (x86)\gopro\tools\imc_aac_dec_ds.dll” “7/27/2012 3:11 PM” “”
“{93D04A3E-1510-4FBF-9AAF-F1F09C3BC71E}” “Cyberlink File Dump Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gdump.ax” “11/22/2006 8:15 AM” “”
“{94F20D00-59CE-4FF7-BFB8-E6BF852AD4B0}” “CLVideoDeShaking” “CyberLink” “c:\program files (x86)\lenovo\power2go\p2gvideostabilizer.ax” “10/17/2005 2:28 AM” “”
“{9B16BA00-C8B5-48F6-BF4A-DE3E5E587BF0}” “CyberLink PCM Wrapper” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gpcmenc.ax” “3/21/2002 1:54 AM” “”
“{9C3913B7-EB91-427D-8404-D0EE84484250}” “” “” “c:\program files (x86)\gopro\tools\cfstereofixer.ax” “9/15/2016 3:51 PM” “”
“{A2A6B846-D118-4300-AE07-F31860887BC2}” “Intel® Media Codecs MPEG-4 Splitter” “Intel Corporation” “c:\program files (x86)\gopro\tools\imc_mp4_spl_ds.dll” “9/15/2016 3:27 PM” “”
“{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED}” “CyberLink Video Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clcvd.ax” “11/9/2011 1:35 AM” “”
“{AD83011E-01D1-4623-91FD-6B75F183C5A9}” “CineForm DirectShow Decoder” “CineForm Inc.” “c:\program files (x86)\gopro\tools\cfdecode2.ax” “9/15/2016 3:43 PM” “”
“{B5F41335-A18B-4362-A406-F09E43658116}” “CyberLink Tzan Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\cltzan.ax” “9/15/2011 2:04 AM” “”
“{B77D0683-4636-4550-98B6-E2713FDE2437}” “” “” “c:\program files (x86)\gopro\tools\cfvideosource.ax” “9/15/2016 3:49 PM” “”
“{C548BB6C-0E62-4A25-AE4E-DE41856BC682}” “CyberLink RealMedia Video Decoder” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clrmvd.ax” “12/24/2009 11:42 PM” “”
“{C88A3744-DE30-4316-BAFB-269C8A25856C}” “CLSubTitle.ax” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clsubtitle.ax” “6/23/2011 3:22 AM” “”
“{CB488050-23B8-411D-B861-D00BA44B8D02}” “Intel® Media Codecs MP4 Muxer” “Intel Corporation” “c:\program files (x86)\gopro\tools\imc_mp4_mux_ds.dll” “9/15/2016 3:27 PM” “”
“{CC29DF71-ECDE-4C60-BCD7-7503557AAB54}” “CLAuTS.ax” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gauts.ax” “10/12/2004 10:32 AM” “”
“{CCCE52FD-02CB-482C-AC81-1E55EF1D61EE}” “Intel® Media SDK H.264 Decoder” “Intel Corporation” “c:\program files (x86)\gopro\tools\h264_dec_filter.dll” “9/15/2016 3:26 PM” “”
“{CDCFDBB0-6518-4239-8085-A16AD63488AE}” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gtlmsplter.ax” “10/19/2006 1:33 AM” “”
“{CF6ED441-FC79-4F1A-9D91-4AE01C570B81}” “MpgMux” “CyberLink” “c:\program files (x86)\lenovo\power2go\p2gmpgmux.ax” “5/23/2008 3:27 AM” “”
“{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E}” “CyberLink Video Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\videofilter\clcvd.ax” “11/9/2011 1:35 AM” “”
“{D2C12C78-9398-4ECA-9F88-2FE4D8C7A539}” “” “” “c:\program files (x86)\gopro\tools\cfsamplerate.ax” “9/15/2016 4:02 PM” “”
“{D8F506E3-899D-4E83-BA28-3139D6C71CE8}” “” “” “c:\program files (x86)\gopro\tools\cfstereomux.ax” “9/15/2016 3:51 PM” “”
“{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}” “CyberLink MPEG-4 Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\navfilter\clm4splt.ax” “5/6/2010 6:39 AM” “”
“{DB5D8193-CB8D-4C72-98A5-1C147E075EDF}” “CyberLink RealMedia Audio Decoder” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\audiofilter\clrmaud.ax” “12/24/2009 11:44 PM” “”
“{E022CD24-BED2-43C6-9140-B7E26BC1D91A}” “CineForm DirectShow Encoder” “CineForm Inc.” “c:\program files (x86)\gopro\tools\cfencode.ax” “7/2/2015 7:11 PM” “”
“{E51EF49D-DDB0-4874-A873-C5100171146F}” “Intel® Media Codecs AAC Encoder” “Intel Corporation” “c:\program files (x86)\gopro\tools\imc_aac_enc_ds.dll” “9/15/2016 3:27 PM” “”
“{E5B455E5-098A-4B65-B2A8-871274FF51CE}” “CyberLink Video Regulator” “CyberLink” “c:\program files (x86)\lenovo\power2go\p2gresample.ax” “6/17/2002 11:32 PM” “”
“{E8F36981-7D45-4AF4-ACA2-E7D960D5AD6F}” “CyberLink Audio Encoder Filter” “Cyberlink Corp.” “c:\program files (x86)\lenovo\power2go\p2gaudenc.ax” “12/20/2006 5:20 AM” “”
“{ECA099DE-D413-4500-B401-6C4FF1EB9580}” “CyberLink FLV Splitter” “CyberLink Corp.” “c:\program files (x86)\lenovo\powerdvd10\navfilter\clflvsplitter.ax ” “9/27/2011 3:30 AM” “”
“{F07E981B-0EC4-4665-A671-C24955D11A38}” “CLDemuxer2” “Cyberlink” “c:\program files (x86)\lenovo\powerdvd10\navfilter\cldemuxer2.ax” “1/18/2011 8:29 AM” “”
“{FF1715E9-885B-47A8-8F76-16C44539309B}” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files (x86)\lenovo\power2go\p2gmvd.ax” “9/29/2003 9:50 AM” “”
“HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command (Default)” “” “” “” “10/1/2016 4:59 AM” “”
“C:\Program Files\Internet Explorer\IEXPLORE.EXE” “Internet Explorer” “Microsoft Corporation” “c:\program files\internet explorer\iexplore.exe” “7/15/2016 10:17 PM” “”
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Au thentication\Credential Providers” “” “” “” “10/1/2016 4:34 AM” “”
“BtwCredentialProvider” “BtwCP DLL” “Broadcom Corporation.” “c:\program files\lenovo\bluetooth software\btwcp.dll” “8/17/2012 1:18 PM” “”
“HKLM\System\CurrentControlSet\Services\WinSock2\P arameters\NameSpace_Catalog5\Catalog_Entries” “” “” “” “10/1/2016 4:43 AM” “”
“mdnsNSP” “Bonjour Namespace Provider” “Apple Inc.” “c:\program files (x86)\bonjour\mdnsnsp.dll” “8/12/2015 6:48 PM” “”
“HKLM\System\CurrentControlSet\Services\WinSock2\P arameters\NameSpace_Catalog5\Catalog_Entries64” “” “” “” “10/1/2016 4:43 AM” “”
“mdnsNSP” “Bonjour Namespace Provider” “Apple Inc.” “c:\program files\bonjour\mdnsnsp.dll” “8/12/2015 6:47 PM” “”
“HKLM\SYSTEM\CurrentControlSet\Control\Print\Monit ors” “” “” “” “10/5/2016 11:20 PM” “”
“HP DF11 Status Monitor” “Print Status Language Monitor” “Hewlett-Packard Development Company, LP” “c:\windows\system32\hpinkstsdf11lm.dll” “9/4/2015 6:48 AM” “”
“Nitro PDF Port Monitor” “Windows NT Nitro Print PDF Interface Driver” “Nitro PDF Software” “c:\windows\system32\nitrolocalmon2.dll” “12/12/2012 6:24 AM” “”
“PCL hpz3llhn” “LanguageMonitor” “Hewlett-Packard Company” “c:\windows\system32\hpz3llhn.dll” “5/23/2007 5:26 PM” “”
“HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Securit y Packages” “” “” “” “12/4/2016 7:40 PM” “”
“livessp” “” “” “File not found: livessp” “” “”
“HKLM\Software\Microsoft\Office\Outlook\Addins” “” “” “” “10/1/2016 4:33 AM” “”
“Apple DAV Outlook Addin” “” “” “” “10/1/2016 4:33 AM” “”

**Malnutrition** · 12-06-2016, 07:41 PM

Fix with Autoruns.

Open Autoruns as administrator and under the “Task Scheduler” tab and uncheck these items.

“” “” “” “” “”

“\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe” “10/21/2016 9:56 PM” “”
“\Adobe Uninstaller” “Adobe Creative Cloud” “Adobe Systems Incorporated” “c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe” “10/25/2016 1:24 PM” “”
“\AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com” “Adobe Updater Startup Utility” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.e xe” “6/29/2016 3:29 AM” “”
“\Apple Diagnostics” “YSLoaderW.exe” “Apple Inc.” “c:\program files (x86)\common files\apple\internet services\ereporter.exe” “7/30/2014 6:24 PM” “”
“\Apple\AppleSoftwareUpdate” “Apple Software Update” “Apple Inc.” “c:\program files (x86)\apple software update\softwareupdate.exe” “2/23/2016 7:31 PM” “”
“\Microsoft\Windows\ApplicationData\appuriverifier daily” “” “” “c:\windows\syswow64\apphostregistrationverifier.e xe” “” “”
“\Microsoft\Windows\CloudExperienceHost\CreateObje ctTask” “” “” “c:\windows\syswow64\cloudexperiencehostbroker.exe ” “” “”
“\Microsoft\Windows\DiskFootprint\Diagnostics” “” “” “c:\windows\syswow64\disksnapshot.exe” “” “”
“\Microsoft\Windows\DUSM\dusmtask” “” “” “c:\windows\syswow64\dusmtask.exe” “” “”
“\Microsoft\Windows\Feedback\Siuf\DmClient” “” “” “c:\windows\syswow64\dmclient.exe” “” “”
“\Microsoft\Windows\Multimedia\Manager” “” “” “c:\users\ivan” “11/29/2016 2:51 PM” “”
“\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “7/16/2016 7:42 AM” “”
“\Microsoft\Windows\Time Zone\SynchronizeTimeZone” “” “” “c:\windows\syswow64\tzsync.exe” “” “”
“\Microsoft\Windows\UpdateOrchestrator\MusUx_Updat eInterval” “” “” “c:\windows\syswow64\musnotification.exe” “” “”
“\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “7/15/2016 10:25 PM” “”
“\MirageAgent” “YouCam Mirage” “CyberLink” “c:\program files (x86)\lenovo\youcam\ycmmirage.exe” “6/29/2010 12:05 AM” “”

Fix with HijackThis!

Close all other programs!

Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKLM..\Run: [OSD Utility] C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
O4 - HKLM..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
O4 - HKLM..\Run: [YouCam Mirage] “C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe”
O4 - HKLM..\Run: [YouCam Tray] “C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe” /s
O4 - HKLM..\Run: [CLMLServer] “C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe”
O4 - HKLM..\Run: [UpdateP2GoShortCut] “C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe ” “C:\Program Files (x86)\Lenovo\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
O4 - HKLM..\Run: [Intel AppUp(SM) center] “C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe” --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM..\Run: [RemoteControl10] “C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe”
O4 - HKLM..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM..\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM..\Run: [ADSKAppManager] “C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe” -showminimized -checkautorun
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [EEventManager] “C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe”
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM..\Run: [AdobeCS6ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e” -launchedbylogin
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
O4 - HKLM..\Run: [Adobe Creative Cloud] “C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe” --showwindow=false --onOSstartup=true
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU..\Run: [Akamai NetSession Interface] “C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe”
O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU..\Run: [OneDrive] “C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe” /background
O4 - HKCU..\Run: [Spotify Web Helper] “C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e”
O4 - HKCU..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU..\Run: [Discord] C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
O4 - HKUS\S-1-5-18..\Run: [GarminExpressTrayApp] “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [GarminExpressTrayApp] “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘Default user’)
O4 - Startup: Monitor Ink Alerts - HP DeskJet 1110 series.lnk = ?
O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

Click fix checked.
Accept the prompt.
Reboot the machine after.

How abouot the FRST and Poweliks logs?
I have prepared a fix with Hijack this that will disable useless startups, to answer your question.
Also, I just found redundant useless files with FRST that are not needed on your machine.

**Iaro96** · 12-07-2016, 01:11 AM

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by Ivan Reyes Ortega (06-12-2016 20:08:00) Run:3
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Loaded Profiles: Ivan Reyes Ortega (Available Profiles: Joanne & Ivan Reyes Ortega & Guest)
Boot Mode: Normal[/HEADING]
fixlist content:

CreateRestorePoint:
HKU\S-1-5-21-2198469641-46685643-2895634536-1004...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
ShortcutTarget: GoPro Importer.lnk → C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Tcpip..\Interfaces{0d7355bc-6532-4c94-b735-8764407bd143}: [DhcpNameServer] 10.0.0.1
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
2016-12-03 13:36 - 2016-12-03 13:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign24a766ecde44338e
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf09fbed49c3953e4
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1f33b77bdb865bb0
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna2fdc6ed1fe23680
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4e306507b2235406
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign25b2817565b6a165
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4113661bfbf9ec4
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1da0b20d8b0c50da
2016-12-02 14:54 - 2016-12-02 14:54 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign416e9ee4319f429f
2016-12-02 14:30 - 2016-12-02 14:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign86f116bd6107cff4
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2ace09325c114503
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign20a9e2558c5efb45
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb1634104eabce732
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign87cdf395b9e99bb2
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5de8bdc3fd576b90
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1ae5dd934df26a18
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigneb6f4281d561f241
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5f38946803be124d
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign076fcfe5d2dca300
C:\WINDOWS\System32\Tasks\GarminUpdaterTask
C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4217be0e706de9d
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna961d9b996b69b6a
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1fbdbf9ade0c62c0
2016-12-01 11:32 - 2016-12-01 11:32 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign6d5981f57fb8d901
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf98a8353c428fca7
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45d51b50f63c5ee9
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf733f83a8b8abf78
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign829839379033796c
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4eb3dfc44eeaf8bb
2016-12-01 03:57 - 2016-12-01 03:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2b7b54a26e1ef520
2016-12-01 03:04 - 2016-12-01 03:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc248ede3762bf2ad
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc24887e1e604e95c
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign682256ca7e561c64
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4da3bfde17a0b234
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3ab1887b15cdc5ff
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign379df4a28d7b0a04
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9eed872c99fc8b77
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a211b0077920826
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1584d9d439aae027
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9529c9df4bbf6a46
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign78c6c1ed6caffe3e
2016-12-01 00:26 - 2016-12-01 00:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign65bc5baca0181620
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc7cd6e62e15b1529
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5da3c183c298ade2
2016-12-01 00:12 - 2016-12-01 00:12 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0c0664295fa8a1e4
2016-11-30 13:30 - 2016-11-30 13:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign84b5d366502b6cec
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignbe840b5f627a8589
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2107f73f8e532d86
2016-11-30 10:37 - 2016-11-30 10:37 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd8e40a378942779a
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a739be8cf76bf28
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign14e14c73aa6fb958
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc59d70c7919ffb7d
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9465d48e85c1dbb5
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0d962e5933c6cf32
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb18e280626faf76f
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0a5ece4d67ce42fa
2016-11-30 10:23 - 2016-11-30 10:23 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0672381c9e7f3729
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd7901b76d0c6ca59
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1079eea9752a8bea
2016-11-30 00:00 - 2016-11-30 00:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigne0fb814359a08ec8
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1d0cf9aa9f0006bd
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1496dc2f1f5dc247
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf45da2ae1fcaddc0
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45400c04d65206d8
2016-11-28 02:29 - 2016-11-28 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC
2016-11-30 10:29 - 2016-12-02 12:02 - 0000033 _____ () C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat
2016-11-28 11:04 - 2016-11-28 11:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-28 11:05 - 2016-11-28 11:05 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64. bc
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-BCB9FC4F747E}\InprocServer32 → %%systemroot%%\system32\shell32.dll => No File
Task: {2112063D-C2C4-4ED2-8D91-EA33E01EA3AC} - {8DD3EE36-D507-432E-A9B1-FA7778A3BE83} → No File <==== ATTENTION
Task: {94F39B2E-640A-4BC1-8B69-188EE055C68A} - {7C134AF1-A52C-45FB-A769-590205637799} → No File <==== ATTENTION
Task: {96BB6801-483A-46F9-B8E5-4BE2680F272B} - {DB50062B-1108-4516-B07E-CB933EB55684} → No File <==== ATTENTION
Shortcut: C:\Users\Ivan Reyes Ortega\Desktop\N?xon Launcher.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen .bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle Chr?m?.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?lor?r ?rows?r.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\G?ogl e ?hr?m?.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gle Chr?m?.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop??ttle.n?t.lnk → C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <===== Cyrillic
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

Restore point was successfully created.
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\Microsoft\Windows\CurrentVersion\Run \CCleaner Monitoring => value not found.
C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{0d7355bc-6532-4c94-b735-8764407bd143}\DhcpNameServer => value removed successfully
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{4FF78044-96B4-4312-A5B7-FDA3CB328095}” => key removed successfully
HKCR\Wow6432Node\CLSID{4FF78044-96B4-4312-A5B7-FDA3CB328095} => key not found.
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign24a766ecde44338e => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf09fbed49c3953e4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1f33b77bdb865bb0 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna2fdc6ed1fe23680 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4e306507b2235406 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign25b2817565b6a165 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4113661bfbf9ec4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1da0b20d8b0c50da => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign416e9ee4319f429f => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign86f116bd6107cff4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2ace09325c114503 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign20a9e2558c5efb45 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb1634104eabce732 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign87cdf395b9e99bb2 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5de8bdc3fd576b90 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1ae5dd934df26a18 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigneb6f4281d561f241 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5f38946803be124d => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign076fcfe5d2dca300 => moved successfully
C:\WINDOWS\System32\Tasks\GarminUpdaterTask => moved successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4217be0e706de9d => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna961d9b996b69b6a => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1fbdbf9ade0c62c0 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign6d5981f57fb8d901 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf98a8353c428fca7 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45d51b50f63c5ee9 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf733f83a8b8abf78 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign829839379033796c => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4eb3dfc44eeaf8bb => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2b7b54a26e1ef520 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc248ede3762bf2ad => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc24887e1e604e95c => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign682256ca7e561c64 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4da3bfde17a0b234 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3ab1887b15cdc5ff => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign379df4a28d7b0a04 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9eed872c99fc8b77 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a211b0077920826 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1584d9d439aae027 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9529c9df4bbf6a46 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign78c6c1ed6caffe3e => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign65bc5baca0181620 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc7cd6e62e15b1529 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5da3c183c298ade2 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0c0664295fa8a1e4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign84b5d366502b6cec => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignbe840b5f627a8589 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2107f73f8e532d86 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd8e40a378942779a => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a739be8cf76bf28 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign14e14c73aa6fb958 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc59d70c7919ffb7d => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9465d48e85c1dbb5 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0d962e5933c6cf32 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb18e280626faf76f => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0a5ece4d67ce42fa => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0672381c9e7f3729 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd7901b76d0c6ca59 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1079eea9752a8bea => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigne0fb814359a08ec8 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1d0cf9aa9f0006bd => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1496dc2f1f5dc247 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf45da2ae1fcaddc0 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45400c04d65206d8 => moved successfully
“C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC” => not found.
C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.64. bc => moved successfully
“HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-BCB9FC4F747E}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2112063 D-C2C4-4ED2-8D91-EA33E01EA3AC}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2112063 D-C2C4-4ED2-8D91-EA33E01EA3AC}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{8DD3EE36-D507-432E-A9B1-FA7778A3BE83}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{94F39B2 E-640A-4BC1-8B69-188EE055C68A}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{94F39B2 E-640A-4BC1-8B69-188EE055C68A}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{7C134AF1-A52C-45FB-A769-590205637799}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{96BB680 1-483A-46F9-B8E5-4BE2680F272B}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{96BB680 1-483A-46F9-B8E5-4BE2680F272B}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{DB50062B-1108-4516-B07E-CB933EB55684}” => key removed successfully
“C:\Users\Ivan Reyes Ortega\Desktop\N?xon Launcher.lnk” => Could not move.
“C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle Chr?m?.lnk” => Could not move.
“C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?lor?r ?rows?r.lnk” => Could not move.
“C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\G?ogl e ?hr?m?.lnk” => Could not move.
“C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gle Chr?m?.lnk” => Could not move.
“C:\Users\Public\Desktop??ttle.n?t.lnk” => Could not move.
========= ipconfig /flushdns =========
[HEADING=1]Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
“C:\Windows\System32\Drivers\etc\hosts” => Could not move.
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 177882780 B
Java, Flash, Steam htmlcache => 226889461 B
Windows/system/drivers => 51861934 B
Edge => 228104068 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Joanne => 18384334 B
Ivan Reyes Ortega => 134076673 B
Guest => 0 B
RecycleBin => 3178018440 B
EmptyTemp: => 3.7 GB temporary data Removed.[/HEADING]
The system needed a reboot.
==== End of Fixlog 20:09:44 ====

**Malnutrition** · 12-07-2016, 03:31 AM

So… how are things running now? Any issues to speak of?

**Malnutrition** · 12-07-2016, 06:59 PM

Issue solved or not?

@Iaro96

**Iaro96** · 12-08-2016, 04:27 PM

Sorry for the late response. I’m in finals week.
I’m bit paranoic about having viruses hiding. Did you see anything on the logs I sent you? or was everything safe?
If it seems like I’m safe, then the only problems left are the Lenovo error pop up at startup and Chrome, which I’m unable to install even with the ResetMyBrowser.

**Malnutrition** · 12-09-2016, 01:31 PM

I see no virus left on your machine. Can you post FRESH hijack this and autoruns logs.

**Malnutrition** · 12-09-2016, 10:07 PM

Can you tell me the exact error that pops up, and also try and install Chrome with the Patch My PC Tool. Or log into the built in admin account and install Chrome that way.

**Malnutrition** · 12-11-2016, 09:42 PM

@Iaro96 How about an update for us? If there is no update in 48 Hours, this thread will be closed.

**Iaro96** · 12-12-2016, 04:27 AM

Hello! Really sorry, finals week.
I’m unfamiliar with those tools, but will try. Ill post a picture of the error shortly.

**Iaro96** · 12-12-2016, 04:28 AM

[ATTACH]1064[/ATTACH]

**Malnutrition** · 12-12-2016, 04:39 AM

Ok, using Autoruns type or copy and paste Lenovo-31951.vbs & Lenovo-31886.vbs into the search window, then uncheck the item once found. Reboot the machine.

[ATTACH]1065[/ATTACH]

Use Patch My Pc to install Google Chrome.

Fresh FRST Logs.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[ul]
[li]Right-click on FRST icon and select Run as Administrator to start the tool.[/li](XP users click run after receipt of Windows Security Warning - Open File).
[li]Make sure that Addition option is checked.[/li][li]Press Scan button and wait.[/li][li]The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.[/li][/ul]
Please Copy & Paste them into your next reply

**Iaro96** · 12-13-2016, 04:56 PM

Alright, will do these things in the same order as listed!

UC Chinese Virus

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment