Solved UC Chinese Virus

Iaro96 · Dec 1, 2016

However, after doing what @jmarket told me, I'll re run the scan (this time with sleep off) and follow the other commands listed by @Malnutrition.

Iaro96 · Dec 1, 2016

@jmarket , I ran the program... and it asked me if I wanted to use the "Visualization Technology", after researching on it, I pressed yes and I got a blue screen of death. Will try again without the visualization thingy.

Iaro96 · Dec 1, 2016

@jmarket
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-12-01 00:01:34
-----------------------------
00:01:34.466 OS Version: Windows x64 6.2.9200
00:01:34.467 Number of processors: 4 586 0x3A09
00:01:34.468 ComputerName: HOMEPC UserName:
00:01:48.000 Initialize success
00:01:48.297 VM: initialized successfully
00:01:48.299 VM: Intel CPU supported
00:02:18.378 VM: not used
00:03:12.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000029
00:03:12.019 Disk 0 Vendor: WDC_WD10JPVT-24A1YT0 01.01A01 Size: 953869MB BusType: 11
00:03:12.454 Disk 0 MBR read successfully
00:03:12.459 Disk 0 MBR scan
00:03:12.465 Disk 0 unknown MBR code
00:03:12.488 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
00:03:12.844 Disk 0 scanning C:\WINDOWS\system32\drivers
00:04:33.600 Service scanning
00:06:21.844 Modules scanning
00:06:21.844 Disk 0 trace - called modules:
00:06:21.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
00:06:22.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffdb01ffa48060]
00:06:22.391 3 CLASSPNP.SYS[fffff80162015efb] -> nt!IofCallDriver -> [0xffffdb01fd3cf7c0]
00:06:22.391 5 ACPI.sys[fffff80161854571] -> nt!IofCallDriver -> \Device\00000029[0xffffdb01fd3e9400]
00:06:22.406 Disk 0 statistics 27054/0/0 @ 0.27 MB/s
00:06:22.406 Scan finished successfully
00:09:07.821 Disk 0 MBR has been saved successfully to "C:\Users\Ivan Reyes Ortega\Desktop\MBR.dat"
00:09:07.837 The log file has been saved successfully to "C:\Users\Ivan Reyes Ortega\Desktop\aswMBR.txt"

jmarket · Dec 1, 2016

Looks good

You can continue with Mal's instructions

Iaro96 · Dec 1, 2016

I will continue tomorrow morning since I wont be be back till very late today and in order to complete the scan properly the computer should not sleep.

Iaro96 · Dec 2, 2016

Found out I had to change my settings to "Turn my monitor off after:" Never. Will leave the scan overnight once again (Hopefully, this time successfully)

Iaro96 · Dec 2, 2016

Iaro96 · Dec 2, 2016

As for the 9lab scan; it seems like it wont work.

Malnutrition · Dec 4, 2016

Sorry for the delay, can you post a fresh set of FRST logs and please tell me what issues remain.

Also, try and run 9-Lab in safe mode with networking.

Iaro96 · Dec 4, 2016

Alright! Will try the 9-lab in safe mode with networking. Tomorrow will post results and the FRST logs.

Malnutrition · Dec 5, 2016

If you can not get 9-Lab to run just skip it, just get me the FRST logs so that I can check for any lingering malware.

Iaro96 · Dec 5, 2016

The 9 lab scanner detected like 9000+ files! Are all of these really viruses? Could paste the file so I've attached it. Additionally, it got stuck and unable to delete 4 of the items. I'm also attaching a picture showing this.

Iaro96 · Dec 5, 2016

Here are the FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
Ran by Ivan Reyes Ortega (administrator) on HOMEPC (05-12-2016 11:31:54)
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Loaded Profiles: Ivan Reyes Ortega (Available Profiles: Joanne & Ivan Reyes Ortega & Guest)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Everything\Everything.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Spotify Ltd) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Quanta Computer Inc.) C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-10-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [OSD Utility] => C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe [18276352 2012-05-21] (Quanta Computer Inc.)
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [392192 2012-02-17] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-09-19] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [Akamai NetSession Interface] => "C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [Spotify Web Helper] => C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-23] (Spotify Ltd)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [974360 2016-07-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [Discord] => C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-01-07]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-02-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 1110 series.lnk [2016-12-04]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 1110 series.lnk -> C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0d7355bc-6532-4c94-b735-8764407bd143}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-03-12] (Nexon)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2198469641-46685643-2895634536-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ivan Reyes Ortega\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-08-20] (Broadcom Corporation.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [430480 2013-02-22] (Nuance Communications, Inc.)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-10-11] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-26] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-26] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-08-20] (Broadcom Corporation.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2015-10-21] (hxxp://libusb-win32.sourceforge.net)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E779B6D3-1BBF-41CD-A3E2-813FD27FD992}\MpKslDrv.sys [44928 2016-12-04] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2016-03-08] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 VMC412; C:\WINDOWS\System32\Drivers\VMC412.sys [241920 2016-03-08] (Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-11-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-11-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-05 11:16 - 2016-12-05 11:16 - 01852259 _____ C:\Users\Ivan Reyes Ortega\Desktop\9lab results.txt
2016-12-05 11:12 - 2016-12-05 11:12 - 01852259 _____ C:\Users\Ivan Reyes Ortega\Desktop\9lab-log-2016-12-05 (00-58-33).txt
2016-12-04 01:50 - 2016-12-04 01:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-03 13:36 - 2016-12-03 13:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign24a766ecde44338e
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf09fbed49c3953e4
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1f33b77bdb865bb0
2016-12-02 20:13 - 2016-12-02 20:13 - 00000000 ____D C:\Users\Joanne\AppData\Local\Zemana
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna2fdc6ed1fe23680
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4e306507b2235406
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign25b2817565b6a165
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4113661bfbf9ec4
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1da0b20d8b0c50da
2016-12-02 14:54 - 2016-12-02 14:54 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign416e9ee4319f429f
2016-12-02 14:30 - 2016-12-02 14:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign86f116bd6107cff4
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2ace09325c114503
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign20a9e2558c5efb45
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb1634104eabce732
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign87cdf395b9e99bb2
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5de8bdc3fd576b90
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1ae5dd934df26a18
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigneb6f4281d561f241
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5f38946803be124d
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign076fcfe5d2dca300
2016-12-02 10:43 - 2016-12-03 20:07 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Clients
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\9-lab
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\ProgramData\9-lab
2016-12-02 10:43 - 2016-12-02 10:43 - 00000000 ____D C:\Program Files\9-lab
2016-12-02 10:42 - 2016-12-02 10:43 - 06466144 _____ C:\Users\Ivan Reyes Ortega\Downloads\rmtool-setup-x64.exe
2016-12-02 02:32 - 2016-12-02 02:32 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-12-02 02:32 - 2016-12-02 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-12-01 23:58 - 2016-12-01 23:58 - 00003510 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4217be0e706de9d
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna961d9b996b69b6a
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1fbdbf9ade0c62c0
2016-12-01 11:32 - 2016-12-01 11:32 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign6d5981f57fb8d901
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf98a8353c428fca7
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45d51b50f63c5ee9
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf733f83a8b8abf78
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign829839379033796c
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4eb3dfc44eeaf8bb
2016-12-01 03:57 - 2016-12-01 03:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2b7b54a26e1ef520
2016-12-01 03:04 - 2016-12-01 03:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc248ede3762bf2ad
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc24887e1e604e95c
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign682256ca7e561c64
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4da3bfde17a0b234
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3ab1887b15cdc5ff
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign379df4a28d7b0a04
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9eed872c99fc8b77
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a211b0077920826
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1584d9d439aae027
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9529c9df4bbf6a46
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign78c6c1ed6caffe3e
2016-12-01 00:26 - 2016-12-01 00:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign65bc5baca0181620
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc7cd6e62e15b1529
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5da3c183c298ade2
2016-12-01 00:12 - 2016-12-01 00:12 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0c0664295fa8a1e4
2016-12-01 00:09 - 2016-12-01 00:09 - 00001672 _____ C:\Users\Ivan Reyes Ortega\Desktop\aswMBR.txt
2016-12-01 00:09 - 2016-12-01 00:09 - 00000512 _____ C:\Users\Ivan Reyes Ortega\Desktop\MBR.dat
2016-11-30 23:54 - 2016-11-30 23:54 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-30 23:51 - 2016-12-01 00:01 - 05200384 _____ (AVAST Software) C:\Users\Ivan Reyes Ortega\Downloads\aswmbr.exe
2016-11-30 15:09 - 2016-11-30 15:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ivan Reyes Ortega\Downloads\mbar-1.09.3.1001 (1).exe
2016-11-30 13:30 - 2016-11-30 13:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign84b5d366502b6cec
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignbe840b5f627a8589
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2107f73f8e532d86
2016-11-30 10:37 - 2016-11-30 10:37 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd8e40a378942779a
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a739be8cf76bf28
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign14e14c73aa6fb958
2016-11-30 10:29 - 2016-12-02 12:02 - 00000033 _____ C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc59d70c7919ffb7d
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9465d48e85c1dbb5
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0d962e5933c6cf32
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb18e280626faf76f
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0a5ece4d67ce42fa
2016-11-30 10:23 - 2016-11-30 10:23 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0672381c9e7f3729
2016-11-30 01:57 - 2016-12-02 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-30 01:54 - 2016-11-30 01:55 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ivan Reyes Ortega\Downloads\mbar-1.09.3.1001.exe
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd7901b76d0c6ca59
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1079eea9752a8bea
2016-11-30 00:00 - 2016-11-30 00:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigne0fb814359a08ec8
2016-11-29 16:48 - 2016-11-29 16:48 - 00002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1d0cf9aa9f0006bd
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1496dc2f1f5dc247
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf45da2ae1fcaddc0
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45400c04d65206d8
2016-11-29 15:51 - 2016-11-29 15:51 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2017.lnk
2016-11-29 15:36 - 2016-12-02 14:52 - 00000000 ___RD C:\Users\Ivan Reyes Ortega\Creative Cloud Files
2016-11-29 15:32 - 2016-11-29 15:32 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-11-29 15:32 - 2016-11-29 15:32 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-11-29 15:24 - 2016-11-29 15:24 - 00801984 _____ (Adobe Systems Incorporated) C:\Users\Ivan Reyes Ortega\Downloads\CreativeCloudSet-Up (1).exe
2016-11-29 15:17 - 2016-11-29 15:17 - 00179632 _____ C:\Users\Ivan Reyes Ortega\Desktop\ZHPDiag.txt
2016-11-29 14:50 - 2016-11-29 14:50 - 02511360 _____ C:\Users\Ivan Reyes Ortega\Downloads\ZHPDiag3.exe
2016-11-29 12:07 - 2016-12-02 16:16 - 00000385 _____ C:\Users\Ivan Reyes Ortega\Desktop\Fotosistema.txt
2016-11-29 11:21 - 2016-11-29 12:07 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Everything
2016-11-29 11:21 - 2016-11-29 11:21 - 00000000 ____D C:\Program Files\Everything
2016-11-29 10:20 - 2016-12-05 11:33 - 02805656 _____ C:\WINDOWS\ZAM.krnl.trace
2016-11-29 10:20 - 2016-12-05 11:32 - 00369764 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-11-29 10:20 - 2016-11-29 10:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-11-29 10:20 - 2016-11-29 10:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-11-29 10:20 - 2016-11-29 10:20 - 00001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-29 10:20 - 2016-11-29 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-29 10:20 - 2016-11-29 10:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-29 10:19 - 2016-11-29 10:19 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Zemana
2016-11-29 09:41 - 2016-11-29 10:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Tripod
2016-11-29 09:13 - 2016-11-29 09:13 - 00087497 _____ C:\Users\Ivan Reyes Ortega\Desktop\Anti-Malware log.txt
2016-11-29 00:02 - 2016-12-02 00:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-28 23:52 - 2016-12-02 00:43 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-28 23:52 - 2016-11-28 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-28 23:52 - 2016-11-28 23:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-28 23:52 - 2016-11-28 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-28 23:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-28 23:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-28 13:57 - 2016-11-28 13:57 - 00001752 _____ C:\Users\Ivan Reyes Ortega\Desktop\Adobe Illustrator CS6.lnk
2016-11-28 13:57 - 2016-11-28 13:57 - 00001137 _____ C:\Users\Ivan Reyes Ortega\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2016-11-28 13:55 - 2016-11-28 14:02 - 01065376 _____ (Google Inc.) C:\Users\Ivan Reyes Ortega\Downloads\ChromeSetup.exe
2016-11-28 12:32 - 2016-11-28 12:32 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-11-28 12:07 - 2016-11-28 12:16 - 00000000 ____D C:\AdwCleaner
2016-11-28 11:30 - 2016-11-28 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-28 11:30 - 2016-11-28 11:30 - 00000000 ____D C:\Program Files\CCleaner
2016-11-28 11:05 - 2016-11-28 11:05 - 00000133 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-11-28 11:04 - 2016-11-28 11:04 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-28 10:45 - 2016-12-02 10:44 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Defenses
2016-11-28 10:11 - 2016-11-28 10:45 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Geek Uninstaller
2016-11-28 08:55 - 2016-12-05 11:31 - 00000000 ____D C:\FRST
2016-11-28 03:13 - 2016-11-28 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-28 03:13 - 2016-11-28 03:13 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-28 02:38 - 2016-11-28 02:38 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Crashpad
2016-11-28 02:29 - 2016-11-28 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-11-28 02:26 - 2016-11-28 12:27 - 00000000 ____D C:\Program Files (x86)\IObit
2016-11-28 02:26 - 2016-11-28 02:26 - 00002345 ___RS C:\Users\Public\Desktop\Ваttle.nеt.lnk
2016-11-28 02:26 - 2016-11-28 02:26 - 00002222 ___RS C:\Users\Ivan Reyes Ortega\Desktop\Nеxon Launcher.lnk
2016-11-28 02:26 - 2016-11-28 02:26 - 00001422 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chrоmе.lnk
2016-11-28 02:12 - 2016-11-28 02:12 - 00003670 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com
2016-11-28 02:04 - 2016-11-28 02:04 - 00000000 ____D C:\ProgramData\ALM
2016-11-28 01:55 - 2016-11-28 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-11-28 01:09 - 2016-11-28 01:18 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\MasterCollection_CS6_LS16
2016-11-27 18:23 - 2016-11-27 19:48 - 2365586577 _____ C:\Users\Ivan Reyes Ortega\Documents\MasterCollection_CS6_LS16.7z
2016-11-27 01:05 - 2016-11-27 01:05 - 00801984 _____ (Adobe Systems Incorporated) C:\Users\Ivan Reyes Ortega\Downloads\CreativeCloudSet-Up.exe
2016-11-27 00:48 - 2016-11-27 00:48 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2016-11-26 23:09 - 2016-11-26 23:09 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-11-26 23:09 - 2016-11-26 23:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-11-26 23:09 - 2016-11-26 23:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-11-26 10:07 - 2016-11-26 10:13 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-26 09:43 - 2016-11-28 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-11-26 09:43 - 2016-11-28 01:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Battle.net
2016-11-26 09:43 - 2016-11-26 09:43 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Blizzard Entertainment
2016-11-26 09:43 - 2016-11-26 09:43 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-26 09:41 - 2016-11-28 01:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-26 09:39 - 2016-11-26 09:44 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Battle.net
2016-11-26 09:39 - 2016-11-26 09:39 - 00000000 ____D C:\ProgramData\Battle.net
2016-11-26 09:37 - 2016-11-26 09:39 - 03126768 _____ (Blizzard Entertainment) C:\Users\Ivan Reyes Ortega\Downloads\Battle.net-Setup.exe
2016-11-23 11:55 - 2016-11-23 11:55 - 00062278 _____ C:\Users\Ivan Reyes Ortega\Downloads\Einari's Potraits Mod - FIX FOR 1.1-565-.zip
2016-11-23 11:55 - 2016-11-23 11:55 - 00011180 _____ C:\Users\Ivan Reyes Ortega\Downloads\Maru Hospital-565-.zip
2016-11-21 12:53 - 2016-11-21 12:53 - 00163797 _____ C:\Users\Ivan Reyes Ortega\Downloads\SVPortraits.zip
2016-11-20 01:42 - 2016-11-20 01:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-16 03:06 - 2016-11-16 03:06 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Desktop\Skype Screenshots
2016-11-13 15:48 - 2016-11-13 15:48 - 00000000 ____D C:\Users\Joanne\.QtWebEngineProcess
2016-11-13 15:48 - 2016-11-13 15:48 - 00000000 ____D C:\Users\Joanne\.GoPro
2016-11-13 15:46 - 2016-11-13 15:46 - 00000846 _____ C:\Users\Public\Desktop\Quik.lnk
2016-11-13 15:46 - 2016-11-13 15:46 - 00000000 ____D C:\Program Files\GoPro
2016-11-13 15:41 - 2016-11-13 15:45 - 252305280 _____ (GoPro, Inc.) C:\Users\Joanne\Downloads\Quik-WinInstaller-2.0.1.4320.exe
2016-11-11 15:49 - 2016-11-11 15:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Downloads\Introductory Circuit Analysis (11th Edition) by Robert L. Boylestad
2016-11-11 15:47 - 2016-11-11 15:47 - 25064085 _____ C:\Users\Ivan Reyes Ortega\Downloads\Introductory Circuit Analysis (11th Edition) by Robert L. Boylestad.zip
2016-11-08 17:16 - 2016-11-02 08:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 17:16 - 2016-11-02 07:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 17:16 - 2016-11-02 07:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 17:16 - 2016-11-02 07:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-08 17:16 - 2016-11-02 07:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 17:16 - 2016-11-02 07:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 17:16 - 2016-11-02 07:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 17:16 - 2016-11-02 07:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 17:16 - 2016-11-02 07:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 17:16 - 2016-11-02 07:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 17:16 - 2016-11-02 07:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 17:16 - 2016-11-02 07:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 17:16 - 2016-11-02 07:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 17:16 - 2016-11-02 06:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 17:16 - 2016-11-02 06:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-08 17:16 - 2016-11-02 06:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-08 17:16 - 2016-11-02 06:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-08 17:16 - 2016-11-02 06:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-08 17:16 - 2016-11-02 06:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 17:16 - 2016-11-02 06:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 17:16 - 2016-11-02 06:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 17:16 - 2016-11-02 06:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-08 17:16 - 2016-11-02 06:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 17:16 - 2016-11-02 06:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 17:16 - 2016-11-02 06:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 17:16 - 2016-11-02 06:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-08 17:16 - 2016-11-02 06:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-08 17:16 - 2016-11-02 06:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 17:16 - 2016-11-02 06:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 17:16 - 2016-11-02 06:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 17:16 - 2016-11-02 06:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-08 17:16 - 2016-11-02 06:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 17:16 - 2016-11-02 06:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 17:16 - 2016-11-02 06:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-08 17:16 - 2016-11-02 04:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 17:15 - 2016-11-02 08:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 17:15 - 2016-11-02 07:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 17:15 - 2016-11-02 07:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 17:15 - 2016-11-02 07:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 17:15 - 2016-11-02 07:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 17:15 - 2016-11-02 07:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 17:15 - 2016-11-02 07:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 17:15 - 2016-11-02 07:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 17:15 - 2016-11-02 07:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 17:15 - 2016-11-02 07:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 17:15 - 2016-11-02 07:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 17:15 - 2016-11-02 07:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 17:15 - 2016-11-02 07:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 17:15 - 2016-11-02 06:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 17:15 - 2016-11-02 06:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 17:15 - 2016-11-02 06:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 17:15 - 2016-11-02 06:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 17:15 - 2016-11-02 06:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 17:15 - 2016-11-02 06:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-08 17:15 - 2016-11-02 06:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 17:15 - 2016-11-02 06:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 17:15 - 2016-11-02 06:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 17:15 - 2016-11-02 06:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 17:15 - 2016-11-02 06:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-08 17:15 - 2016-11-02 06:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 17:15 - 2016-11-02 06:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 17:15 - 2016-11-02 06:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 17:15 - 2016-11-02 06:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 17:15 - 2016-11-02 06:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 17:15 - 2016-11-02 06:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 17:15 - 2016-11-02 06:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 17:15 - 2016-11-02 06:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 17:15 - 2016-11-02 06:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 17:15 - 2016-11-02 06:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 17:15 - 2016-11-02 06:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 17:15 - 2016-11-02 06:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 17:15 - 2016-11-02 06:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-08 17:15 - 2016-11-02 06:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 17:15 - 2016-11-02 06:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 17:15 - 2016-11-02 06:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 17:15 - 2016-11-02 06:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 17:15 - 2016-11-02 06:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 17:15 - 2016-11-02 06:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 17:15 - 2016-11-02 06:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 17:15 - 2016-11-02 06:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 17:15 - 2016-11-02 06:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 17:15 - 2016-11-02 06:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 17:15 - 2016-11-02 06:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 17:15 - 2016-11-02 06:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-08 17:15 - 2016-11-02 06:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 17:15 - 2016-11-02 06:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 17:15 - 2016-11-02 06:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 17:15 - 2016-11-02 06:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 17:15 - 2016-11-02 06:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 17:15 - 2016-11-02 06:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 17:15 - 2016-11-02 06:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 17:14 - 2016-11-02 07:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 17:14 - 2016-11-02 07:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 17:14 - 2016-11-02 07:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 17:14 - 2016-11-02 07:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 17:14 - 2016-11-02 07:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 17:14 - 2016-11-02 07:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 17:14 - 2016-11-02 07:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 17:14 - 2016-11-02 07:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 17:14 - 2016-11-02 07:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-08 17:14 - 2016-11-02 07:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-08 17:14 - 2016-11-02 07:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 17:14 - 2016-11-02 07:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 17:14 - 2016-11-02 07:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-08 17:14 - 2016-11-02 07:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-08 17:14 - 2016-11-02 07:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-08 17:14 - 2016-11-02 07:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 17:14 - 2016-11-02 07:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 17:14 - 2016-11-02 07:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 17:14 - 2016-11-02 07:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 17:14 - 2016-11-02 07:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 17:14 - 2016-11-02 07:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 17:14 - 2016-11-02 06:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 17:14 - 2016-11-02 06:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 17:14 - 2016-11-02 06:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-08 17:14 - 2016-11-02 06:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-08 17:14 - 2016-11-02 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 17:14 - 2016-11-02 06:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 17:14 - 2016-11-02 06:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 17:14 - 2016-11-02 06:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 17:14 - 2016-11-02 06:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-08 17:14 - 2016-11-02 06:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 17:14 - 2016-11-02 06:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 17:14 - 2016-11-02 06:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 17:14 - 2016-11-02 06:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 17:14 - 2016-11-02 06:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 17:14 - 2016-11-02 06:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 17:14 - 2016-11-02 06:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 17:14 - 2016-11-02 06:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 17:14 - 2016-11-02 06:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 17:14 - 2016-11-02 06:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-08 17:14 - 2016-11-02 06:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 17:14 - 2016-11-02 06:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 17:14 - 2016-11-02 06:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 17:14 - 2016-11-02 06:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 17:14 - 2016-11-02 06:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 17:14 - 2016-11-02 06:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 17:14 - 2016-11-02 06:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 17:14 - 2016-11-02 06:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 17:14 - 2016-11-02 06:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 17:14 - 2016-11-02 06:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 17:14 - 2016-11-02 06:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 17:14 - 2016-11-02 06:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 17:14 - 2016-11-02 06:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 17:14 - 2016-11-02 06:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 17:14 - 2016-11-02 06:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 17:14 - 2016-11-02 06:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 17:14 - 2016-11-02 06:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 17:14 - 2016-11-02 06:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 17:14 - 2016-11-02 06:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 17:14 - 2016-11-02 06:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-08 17:14 - 2016-11-02 06:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 17:14 - 2016-11-02 06:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 17:14 - 2016-11-02 06:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-08 17:14 - 2016-11-02 06:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-08 17:14 - 2016-11-02 06:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 17:14 - 2016-11-02 06:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 17:14 - 2016-11-02 06:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 17:14 - 2016-11-02 06:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 17:14 - 2016-11-02 06:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 17:14 - 2016-11-02 06:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 17:14 - 2016-11-02 06:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 17:14 - 2016-11-02 06:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 17:14 - 2016-11-02 06:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 17:14 - 2016-11-02 06:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 17:14 - 2016-11-02 06:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 17:14 - 2016-11-02 06:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 17:14 - 2016-11-02 06:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 17:14 - 2016-11-02 06:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 17:14 - 2016-11-02 05:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-08 17:14 - 2016-11-02 05:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-08 17:14 - 2016-08-02 00:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-05 16:02 - 2016-11-05 16:29 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\discord
2016-11-05 16:02 - 2016-11-05 16:02 - 00002341 _____ C:\Users\Ivan Reyes Ortega\Desktop\Discord.lnk
2016-11-05 16:02 - 2016-11-05 16:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-11-05 16:01 - 2016-11-05 16:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\SquirrelTemp
2016-11-05 16:01 - 2016-11-05 16:02 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Discord
2016-11-05 15:58 - 2016-11-05 16:01 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Ivan Reyes Ortega\Downloads\DiscordSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-05 10:38 - 2016-10-01 04:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-05 10:00 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-12-05 10:00 - 2013-04-23 14:11 - 00000000 ____D C:\Program Files (x86)\FreeRide Games.$quar
2016-12-05 02:19 - 2016-10-06 22:21 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-05 02:00 - 2016-07-04 10:13 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Adobe
2016-12-04 21:26 - 2013-12-26 00:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-04 19:47 - 2015-08-20 18:18 - 01604362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-04 19:42 - 2014-11-12 12:45 - 00000000 __SHD C:\Users\Ivan Reyes Ortega\IntelGraphicsProfiles
2016-12-04 19:40 - 2016-10-01 05:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-04 11:36 - 2016-10-01 04:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega
2016-12-04 01:48 - 2016-07-16 02:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-04 00:07 - 2014-11-13 14:28 - 00000000 __SHD C:\Users\Joanne\IntelGraphicsProfiles
2016-12-03 09:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-02 19:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-02 14:52 - 2015-12-04 22:16 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-02 08:21 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 02:32 - 2015-10-21 13:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-12-02 02:32 - 2015-01-07 22:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-30 23:54 - 2013-04-23 13:29 - 00299317 ____N C:\WINDOWS\Minidump\113016-28796-01.dmp
2016-11-30 12:56 - 2016-10-01 04:24 - 00000000 ____D C:\Users\Joanne
2016-11-30 10:37 - 2016-07-04 10:13 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Adobe
2016-11-30 10:36 - 2016-10-25 17:06 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-30 01:19 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-11-29 16:48 - 2016-10-22 14:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-29 16:40 - 2014-01-06 15:17 - 00000000 ____D C:\Program Files\Adobe
2016-11-29 15:36 - 2016-07-04 10:13 - 00000000 ____D C:\ProgramData\Adobe
2016-11-29 15:30 - 2014-02-19 19:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-29 14:51 - 2014-01-06 15:56 - 00000195 _____ C:\Users\Ivan
2016-11-29 14:47 - 2016-10-22 15:45 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Documents\Adobe CC 2015 Universal Patcher 1.5
2016-11-29 09:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-11-29 00:44 - 2014-01-07 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nitro PDF
2016-11-28 15:00 - 2015-08-23 20:37 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Spotify
2016-11-28 15:00 - 2015-08-23 20:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify
2016-11-28 11:05 - 2015-08-29 03:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-28 11:01 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-28 10:53 - 2014-01-20 21:14 - 00000000 ____D C:\Program Files (x86)\Hp
2016-11-28 10:39 - 2013-04-23 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-11-28 10:39 - 2013-04-23 13:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-28 10:39 - 2013-04-23 13:46 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-11-28 10:34 - 2016-10-01 04:16 - 05045416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-28 10:32 - 2014-02-14 00:39 - 00000000 ____D C:\ProgramData\HP
2016-11-28 10:31 - 2014-02-14 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-28 10:24 - 2016-10-01 04:40 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-28 10:24 - 2016-10-01 04:40 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-28 03:14 - 2014-06-30 18:07 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\LogMeIn Hamachi
2016-11-28 02:38 - 2015-08-12 22:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\NexonLauncher
2016-11-27 01:14 - 2016-01-29 14:37 - 00000000 ___RD C:\Users\Ivan Reyes Ortega\ivan.reor@gmail.com Creative Cloud Files
2016-11-24 02:06 - 2014-07-24 16:47 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\Skype
2016-11-24 00:59 - 2014-07-24 16:47 - 00000000 ____D C:\ProgramData\Skype
2016-11-24 00:58 - 2016-01-05 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-23 14:23 - 2013-12-09 10:37 - 00000000 ____D C:\Users\Joanne\AppData\Local\Packages
2016-11-22 11:19 - 2013-12-25 13:13 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Packages
2016-11-20 01:42 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-19 11:36 - 2016-03-24 17:41 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Roaming\StardewValley
2016-11-13 17:03 - 2013-12-23 15:10 - 00000000 ____D C:\Users\Joanne\AppData\Roaming\Nitro PDF
2016-11-13 15:53 - 2015-01-07 22:28 - 00000000 ____D C:\Users\Joanne\AppData\Local\GoPro
2016-11-13 15:50 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-13 15:47 - 2016-10-18 20:10 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-11-13 15:47 - 2016-01-24 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-11-13 15:46 - 2013-04-23 14:06 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-11-13 15:46 - 2013-04-23 14:06 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-11-13 15:46 - 2013-04-23 14:06 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-11-13 15:46 - 2013-04-23 14:06 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-11-13 07:35 - 2013-12-22 21:20 - 00000000 ____D C:\Users\Joanne\AppData\Local\Google
2016-11-13 00:21 - 2013-12-09 10:37 - 00000000 ____D C:\Users\Joanne\AppData\Roaming\Adobe
2016-11-13 00:19 - 2013-04-23 16:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-11 15:50 - 2015-01-24 13:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\Documents\Books
2016-11-11 14:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 01:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 23:44 - 2013-12-21 17:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 23:38 - 2013-12-21 17:04 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 10:19 - 2016-10-01 05:08 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-11-30 10:29 - 2016-12-02 12:02 - 0000033 _____ () C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat
2016-11-28 11:04 - 2016-11-28 11:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-28 11:05 - 2016-11-28 11:05 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-02 12:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
Ran by Ivan Reyes Ortega (05-12-2016 11:34:30)
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Windows 10 Home Version 1607 (X64) (2016-10-01 09:16:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2198469641-46685643-2895634536-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2198469641-46685643-2895634536-503 - Limited - Disabled)
Guest (S-1-5-21-2198469641-46685643-2895634536-501 - Limited - Disabled) => C:\Users\Guest
Ivan Reyes Ortega (S-1-5-21-2198469641-46685643-2895634536-1004 - Administrator - Enabled) => C:\Users\Ivan Reyes Ortega
Joanne (S-1-5-21-2198469641-46685643-2895634536-1002 - Administrator - Enabled) => C:\Users\Joanne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1500 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1500_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1500Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.41.6024 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dragon Assistant Application en-US version 1.5.0 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.0 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.4 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.1 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.1 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.0 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.0 - Nuance Communications, Inc.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Elevated Installer (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.002 - Ezvid, inc.)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)
Garmin Express (HKLM-x32\...\{00bf033c-5ade-400f-a174-be74932eebc6}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
GoPro Studio (x32 Version: 5.10.4320 - GoPro, Inc.) Hidden
Grow Home (HKLM-x32\...\Steam App 323320) (Version: - Reflections, a Ubisoft Studio)
Guacamelee! Gold Edition (HKLM\...\Steam App 214770) (Version: - DrinkBox Studios)
HP DeskJet 1110 series Basic Device Software (HKLM\...\{87DEBE9C-FD90-4E36-8AD8-608F871B9BD9}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation)
Lenovo BrgVolOSD (HKLM-x32\...\{B0CAB976-C41D-4800-A7BA-CBD4BF4EA920}) (Version: 1.1.05 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4409.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4409.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.03 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (x32 Version: 1.03 - Lenovo) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoUtility version 1.0 (HKLM-x32\...\{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1) (Version: 1.0 - Lenovo)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manual Perfection V19_V39 versión 1.0 (HKLM-x32\...\UsersGuideManual Perfection V19_V39_is1) (Version: 1.0 - )
MapleStory (HKLM-x32\...\MapleStory) (Version: - )
Mark of the Ninja (HKLM\...\Steam App 214560) (Version: - Klei Entertainment)
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Quik (HKLM-x32\...\{0d91b40f-e179-491c-a726-cd71dc297e8a}) (Version: 2.0.0.4320 - GoPro, Inc.)
Quik (Version: 0.1.4320 - GoPro, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Relic Hunters Zero (HKLM-x32\...\Steam App 382490) (Version: - Rogue Snail)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Snowflake Suite (HKLM-x32\...\{E03B9D73-3806-4466-97B1-75C4486F65DF}) (Version: 1.0 - Natural User Interface Technologies AB)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
StageLight version 1.0.0.3497 (HKLM\...\StageLight) (Version: version 1.0.0.3497 - Open Labs, LLC.)
Starbound (HKLM\...\Steam App 211820) (Version: - )
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
System Requirements Lab Detection (HKLM-x32\...\{06A5D553-A6B5-481C-958E-53C79C1AC3CB}) (Version: 6.1.6.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.1.9.9 - AVTECH Corporation, Inc.)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.1 - Nikon)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BCB9FC4F747E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A5EB38C-CF67-4132-9854-60015B62260D} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Ivan Reyes Ortega\AppData\Roaming\Adobe\Manager.exe
Task: {2112063D-C2C4-4ED2-8D91-EA33E01EA3AC} - \{8DD3EE36-D507-432E-A9B1-FA7778A3BE83} -> No File <==== ATTENTION
Task: {319B2FFE-9D83-4724-AEEA-BE39FAF40990} - System32\Tasks\Lenovo\Lenovo-31951 => C:\ProgramData\Lenovo-31951.vbs
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C84829D-6B42-418D-A771-458A407DE3B3} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {5063F521-19C3-4E5A-81CB-5C8F68385746} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {65F1D94F-1B83-49CD-A06C-67FBB06EDB1C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {718CA63A-5FCD-4CED-947B-D96C8A446393} - System32\Tasks\Lenovo\Lenovo-31886 => C:\ProgramData\Lenovo-31886.vbs
Task: {8FA5B345-C64D-46AF-A01C-712450EF5DF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {94F39B2E-640A-4BC1-8B69-188EE055C68A} - \{7C134AF1-A52C-45FB-A769-590205637799} -> No File <==== ATTENTION
Task: {96BB6801-483A-46F9-B8E5-4BE2680F272B} - \{DB50062B-1108-4516-B07E-CB933EB55684} -> No File <==== ATTENTION
Task: {B306BF30-CC03-476B-8B69-6B5F0A7DC52B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-11-29] ()
Task: {D6C1286E-91A8-4393-AD41-582D3C15E675} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {DFB4AF5D-A014-4D89-8F4D-3FBAA5976A0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E50365B6-808E-46BC-9625-F32BD3C44B89} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F6FD2841-898E-44AE-981A-D8E14760DC8B} - System32\Tasks\EPSON Perfection V19 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {F8532917-B977-40D5-B99C-A712A571A196} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON Perfection V19 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V19,ES010C.DAT /F:Update www\JoanneĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ivan Reyes Ortega\Desktop\Nеxon Launcher.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Exрlorеr Вrowsеr.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Gоogle Сhrоmе.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chrоmе.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ваttle.nеt.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 08:08 - 2016-10-01 08:08 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-29 11:21 - 2014-08-05 21:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2016-10-01 08:08 - 2016-10-01 08:08 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-02 13:50 - 2016-10-02 13:51 - 01864384 _____ () C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-10-01 08:08 - 2016-10-01 08:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 17:15 - 2016-11-02 06:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 23:48 - 2016-10-11 23:48 - 00866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2016-11-17 10:15 - 2016-11-17 10:19 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 10:15 - 2016-11-17 10:19 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-10-11 23:48 - 2016-10-11 23:48 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-11-08 17:14 - 2016-11-02 06:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 17:14 - 2016-11-02 06:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 17:15 - 2016-11-02 06:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 17:15 - 2016-11-02 06:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 17:15 - 2016-11-02 06:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 17:15 - 2016-11-02 06:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-05-05 23:31 - 2014-12-04 22:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-05-05 23:31 - 2014-12-04 22:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-04-23 14:15 - 2013-02-22 18:05 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-04-23 14:15 - 2013-02-22 18:04 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2016-11-29 13:41 - 2016-11-29 13:41 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-10-02 13:50 - 2016-10-02 13:50 - 01383616 _____ () C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-10-02 13:53 - 2016-10-02 13:53 - 00118976 _____ () C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-08-01 16:39 - 2016-03-09 02:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-03-12 13:55 - 2012-03-12 13:55 - 00008192 _____ () C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\CD_DLL.dll
2011-11-03 14:48 - 2011-11-03 14:48 - 00056320 _____ () C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2013-04-23 13:47 - 2012-07-26 22:12 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-10-19 23:31 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-21 16:03 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-19 23:31 - 2016-10-12 21:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-21 16:03 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-21 16:03 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-21 16:03 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2013-12-26 01:02 - 2016-10-12 21:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 15:30 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 23:01 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2015-04-21 16:03 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-12-21 02:04 - 2013-12-21 02:04 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan Reyes Ortega\Desktop\bxifRla.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\StartupApproved\Run: => "Autodesk Sync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{35EB6970-F44A-4BA5-854A-5D1F0BC262F4}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D64E4B3-39A9-4A78-9299-6A2837D9FEA6}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CD34829A-724D-4DEE-9DD7-48CB328573EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AEE409BB-BE72-46ED-AB25-46A4DE1363FE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7285CD80-EF16-48A6-8F6C-9E0050FC57C0}] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [{165B5F0A-2DDA-4FAC-B848-4558F4DA785B}] => C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C7E8E5CE-6AE5-40DD-9A4D-5F934516DAB1}C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A6508F02-FA4D-4D74-B1A0-9D8CB6EF1857}C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6AC1F417-D148-4924-B07F-4D4177BD93D5}] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [{188B15F5-DFB0-48DE-9421-FE0EC34BE8F9}] => C:\users\ivan reyes ortega\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4E01245D-5F71-458E-B928-BB3DE24A7742}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6E94F35-1A07-419D-8FC8-909847F656BE}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1CE3B11-0E35-46DA-A474-39C49B7836D9}] => C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{9411089F-4F9A-4D35-B89C-674F9D55B264}] => C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{8634A362-654A-4DB3-B16E-DA6826F54A8C}] => C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{7E58C9AE-C565-4A13-B0DA-27E40937D881}] => C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{58A0A716-737C-4D7E-8D6C-61353098FC80}] => C:\Program Files (x86)\Steam\SteamApps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{50EA0755-F971-44B9-924E-5F403F1BB859}] => C:\Program Files (x86)\Steam\SteamApps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{F9D49A88-4A33-43D4-A7DC-F3824D9550E5}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{E3A1ADCF-0F98-4656-B447-5D0AD2821F6C}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{27FFEAC5-035D-4F63-A492-8F8505AA4C43}] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{9EB0F39D-B507-4FE0-804E-5DB0249D6B8F}] => C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe

==================== Restore Points =========================

03-12-2016 09:44:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2016 11:15:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6c4

Start Time: 01d24f09e3a9a4c5

Termination Time: 15

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 9cd5cd6d-bafd-11e6-bf4e-e006e6c0e8d9

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/05/2016 11:11:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3190

Start Time: 01d24f09c8a7cddb

Termination Time: 64

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 213a5eff-bafd-11e6-bf4e-e006e6c0e8d9

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/05/2016 11:10:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e78

Start Time: 01d24f09b1e0eda2

Termination Time: 40

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 063de644-bafd-11e6-bf4e-e006e6c0e8d9

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/04/2016 08:21:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: HOMEPC)
Description: Product: Adobe Reader XI (11.0.18) - Update 'Adobe Reader XI (11.0.18)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/04/2016 08:20:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: HOMEPC)
Description: Product: Adobe Reader XI (11.0.18) -- Error 1706.No valid source could be found for product Adobe Reader XI (11.0.18). The Windows Installer cannot continue.

Error: (12/04/2016 08:09:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 08:09:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 08:08:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (12/04/2016 08:08:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 08:08:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (12/04/2016 07:51:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:49:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:49:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (12/04/2016 07:46:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (12/04/2016 07:44:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:44:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2016 07:43:44 PM) (Source: DCOM) (EventID: 10010) (User: HOMEPC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (12/04/2016 07:42:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/04/2016 07:42:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (12/04/2016 07:41:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2016-12-02 02:17:22.126
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:22.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:22.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:19.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-02 02:17:19.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 14:48:15.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 14:48:15.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 10:18:07.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 10:18:07.665
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-29 10:18:07.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3130M CPU @ 2.60GHz
Percentage of memory in use: 63%
Total physical RAM: 6029.13 MB
Available physical RAM: 2226.98 MB
Total Virtual: 6989.13 MB
Available Virtual: 2358.91 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:375.74 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1B3DE834)

Partition: GPT.

==================== End of Addition.txt ============================

Malnutrition · Dec 5, 2016

Iaro96 said:
9000+ files! Are all of these really viruses?

Likely not, some are malware some are just Potentially unwanted programs, or PUPs. Looking over the scan log some things are already in quarantine, but the items appear to be useless, and your machine will run better for not having them installed.

Step 1: HijackThis.

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Step 2: Autoruns Log.

Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

Step 3: Poweliks Cleaner.

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.
2. Read the terms of the End-user license agreement and click Agree.
3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

687474703a2f2f6936382e70686f746f6275636b65742e636f6d2f616c62756d732f6933352f6361726e33732f6e6577746f6f6c315f7a707361316361613036652e706e67

4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

687474703a2f2f6936382e70686f746f6275636b65742e636f6d2f616c62756d732f6933352f6361726e33732f6e6577746f6f6c325f7a707330653664333962312e706e67

The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

Step 4: Inquiry

Please tell me how your machine is running.

Malnutrition · Dec 5, 2016

FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Iaro96 · Dec 6, 2016

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:06 AM, on 12/6/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Bluestacks\HD-Agent.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Users\Ivan Reyes Ortega\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OSD Utility] C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
O4 - HKLM\..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU\..\Run: [Discord] C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: Monitor Ink Alerts - HP DeskJet 1110 series.lnk = ?
O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: @oem30.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: Everything - Unknown owner - C:\Program Files\Everything\Everything.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) - Unknown owner - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 18069 bytes

Iaro96 · Dec 6, 2016

I will go on with your instructions. Btw do I press fix on the HijackThis Menu after the scan? And what did you find in the FRST? Sorry if I'm being pushy, I'm just a but curious about my situation.

Iaro96 · Dec 6, 2016

Here is the Autoruns

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "11/29/2016 10:20 AM" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 3:29 AM" ""
+ "GoPro Tray App" "GoProDesktopSystemTray" "" "c:\program files\gopro\gopro desktop app\goprodesktopsystemtray.exe" "10/11/2016 7:35 PM" ""
+ "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe" "1/31/2013 7:23 PM" ""
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe" "7/26/2016 3:26 PM" ""
+ "RtHDVBg_Dolby" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "7/10/2012 4:57 AM" ""
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "7/26/2012 11:03 PM" ""
+ "WindowsDefender" "Windows Defender notification icon" "Microsoft Corporation" "c:\program files\windows defender\msascuil.exe" "9/7/2016 12:50 AM" ""
+ "ZAM" "ZAM" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zam.exe" "11/22/2016 8:24 AM" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "11/29/2016 3:35 PM" ""
+ "Adobe Creative Cloud" "Adobe Creative Cloud" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe" "10/25/2016 1:24 PM" ""
+ "AdobeCS6ServiceManager" "Adobe CS6 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe" "3/9/2012 11:25 AM" ""
+ "ADSKAppManager" "Autodesk Application Manager" "Autodesk Inc." "c:\program files (x86)\common files\autodesk shared\appmanager\r1\adappmgr.exe" "12/4/2014 10:11 PM" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "7/5/2016 4:24 PM" ""
+ "CLMLServer" "CyberLink MediaLibray Service" "CyberLink" "c:\program files (x86)\lenovo\power2go\clmlsvc.exe" "6/3/2009 8:46 AM" ""
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe" "2/12/2015 12:13 AM" ""
+ "Intel AppUp(SM) center" "Intel Services Manager" "Intel Corporation" "c:\program files (x86)\intel\intelappstore\bin\ismagent.exe" "5/24/2012 8:46 AM" ""
+ "Lenovo Silver Silk Wireless Keyboard" "Lenovo Silver Silk Keyboard Software" "Lenovo" "c:\program files (x86)\lenovo\lenovo silver silk wireless keyboard\skd8861.exe" "2/17/2012 2:42 AM" ""
+ "LogMeIn Hamachi Ui" "Hamachi Client Application" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" "11/11/2016 8:45 AM" ""
+ "LVT" "Lenovo" "Lenovo" "c:\program files\lenovo\lvt\ljyz.exe" "11/23/2011 10:44 PM" ""
+ "Nikon Message Center 2" "Nikon Message Center 2" "Nikon Corporation" "c:\program files (x86)\nikon\nikon message center 2\nkmc2.exe" "5/25/2010 6:16 AM" ""
+ "OSD Utility" "Lenovo Brightness & Volume OSD Service" "Quanta Computer Inc." "c:\program files (x86)\lenovo\lenovo brgvolosd\brgvolosd.exe" "5/21/2012 3:55 PM" ""
+ "RemoteControl10" "PowerDVD RC Service" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\pdvd10serv.exe" "3/28/2012 6:22 AM" ""
+ "SunJavaUpdateSched" "Java Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "6/8/2015 10:08 PM" ""
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe" "2/19/2010 4:50 PM" ""
+ "UpdateP2GoShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\muitransfer\muistartmenu.exe" "12/6/2011 5:40 AM" ""
+ "YouCam Mirage" "YouCam Mirage" "CyberLink" "c:\program files (x86)\lenovo\youcam\ycmmirage.exe" "6/29/2010 12:05 AM" ""
+ "YouCam Tray" "CyberLink YouCam Tray" "CyberLink Corp." "c:\program files (x86)\lenovo\youcam\youcamtray.exe" "5/16/2012 2:21 AM" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/5/2016 2:56 PM" ""
+ "Akamai NetSession Interface" "" "" "c:\users\ivan" "11/29/2016 2:51 PM" ""
+ "AppleIEDAV" "Apple IE DAV" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\appleiedav.exe" "8/4/2014 10:19 PM" ""
+ "ApplePhotoStreams" "iCloud Photos" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\applephotostreams.exe" "7/30/2014 6:24 PM" ""
+ "Autodesk Sync" "A360" "Autodesk, Inc." "c:\program files\autodesk\autodesk sync\adsync.exe" "1/28/2015 2:00 AM" ""
+ "BlueStacks Agent" "BlueStacks Agent" "BlueStack Systems, Inc." "c:\program files (x86)\bluestacks\hd-agent.exe" "7/21/2016 4:30 PM" ""
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner64.exe" "11/15/2016 3:38 PM" ""
+ "Discord" "" "" "c:\users\ivan" "11/29/2016 2:51 PM" ""
+ "iCloudDrive" "iCloud Drive" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\iclouddrive.exe" "7/30/2014 6:24 PM" ""
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe" "7/30/2014 6:24 PM" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\ivan reyes ortega\appdata\local\microsoft\onedrive\onedrive.exe" "8/9/2016 2:30 PM" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\ivan reyes ortega\appdata\roaming\spotify\spotifywebhelper.exe" "7/31/2015 6:01 AM" ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "10/1/2016 4:44 AM" ""
+ "GoPro Importer.lnk" "" "" "File not found: File" "" ""
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe" "4/29/2011 10:05 PM" ""
"C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "11/10/2016 10:51 AM" ""
+ "Monitor Ink Alerts - HP DeskJet 1110 series.lnk" "" "" "File not found: File" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "11/22/2016 1:47 PM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/15/2016 10:25 PM" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "11/28/2016 1:54 PM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/15/2016 10:25 PM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "12/2/2016 10:43 AM" ""
+ "2.0 Zemana AntiMalware" "Zemana AntiMalware" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zamshellext64.dll" "9/29/2016 7:41 AM" ""
+ "9-lab Removal Tool" "9-lab Malware Removal Tool" "9-lab LLC" "c:\program files\9-lab\removal tool\shellext.dll" "2/10/2016 6:51 AM" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "10/25/2016 12:35 PM" ""
+ "AcShellExtension.AcContextMenuHandler" "AutoCAD Dwg common shell extension handler" "Autodesk" "c:\program files\common files\autodesk shared\acshellex\acshellextension.dll" "2/5/2015 10:29 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 12:50 AM" ""
+ "NP8ShellExtension" "Nitro Pro ShellExtension" "Nitro PDF" "c:\program files\common files\nitro\pro\8.0\npshellextension64.dll" "12/12/2012 6:09 AM" ""
+ "PhotoStreamsExt" "Apple Photostreams UI Shell Extension" "Apple Inc." "c:\program files\common files\apple\internet services\shellstreams64.dll" "11/21/2014 5:07 PM" ""
+ "SugarSync" "SugarSync Explorer Shell Extensions" "SugarSync, Inc." "c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll" "5/14/2012 1:39 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll" "2/15/2015 4:00 AM" ""
+ "WorkFolders" "" "" "c:\windows\syswow64\workfoldersshell.dll" "" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "12/2/2016 10:43 AM" ""
+ "9-lab Removal Tool" "9-lab Malware Removal Tool" "9-lab LLC" "c:\program files\9-lab\removal tool\shellext.dll" "2/10/2016 6:51 AM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 12:50 AM" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "11/28/2016 11:52 PM" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes" "c:\program files (x86)\malwarebytes anti-malware\mbamext.dll" "2/24/2016 1:14 PM" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "12/2/2016 10:43 AM" ""
+ "9-lab Removal Tool" "9-lab Malware Removal Tool" "9-lab LLC" "c:\program files\9-lab\removal tool\shellext.dll" "2/10/2016 6:51 AM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 12:50 AM" ""
+ "WorkFolders" "" "" "c:\windows\syswow64\workfoldersshell.dll" "" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "10/1/2016 4:19 AM" ""
+ "igfxDTCM" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\igfxdtcm.dll" "12/21/2015 3:45 PM" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "10/1/2016 4:32 AM" ""
+ "AcColumnHandler" "AutoCAD Dwg common shell extension handler" "Autodesk" "c:\program files\common files\autodesk shared\acshellex\acshellextension.dll" "2/5/2015 10:29 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "12/2/2016 10:43 AM" ""
+ "2.0 Zemana AntiMalware" "Zemana AntiMalware" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zamshellext64.dll" "9/29/2016 7:41 AM" ""
+ "9-lab Removal Tool" "9-lab Malware Removal Tool" "9-lab LLC" "c:\program files\9-lab\removal tool\shellext.dll" "2/10/2016 6:51 AM" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "10/25/2016 12:35 PM" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes" "c:\program files (x86)\malwarebytes anti-malware\mbamext.dll" "2/24/2016 1:14 PM" ""
+ "SugarSync" "SugarSync Explorer Shell Extensions" "SugarSync, Inc." "c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll" "5/14/2012 1:39 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll" "2/15/2015 4:00 AM" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "10/1/2016 4:32 AM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll" "2/15/2015 4:00 AM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "11/29/2016 3:32 PM" ""
+ " AccExtIco1" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "10/25/2016 12:35 PM" ""
+ " AccExtIco2" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "10/25/2016 12:35 PM" ""
+ " AccExtIco3" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "10/25/2016 12:35 PM" ""
+ "AutoCAD Digital Signatures Icon Overlay Handler" "AutoCAD component" "Autodesk, Inc." "c:\windows\system32\acsignicon.dll" "2/5/2015 11:45 PM" ""
+ "SugarSyncBackedUp" "SugarSync Explorer Shell Extensions" "SugarSync, Inc." "c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll" "5/14/2012 1:39 PM" ""
+ "SugarSyncPending" "SugarSync Explorer Shell Extensions" "SugarSync, Inc." "c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll" "5/14/2012 1:39 PM" ""
+ "SugarSyncRoot" "SugarSync Explorer Shell Extensions" "SugarSync, Inc." "c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll" "5/14/2012 1:39 PM" ""
+ "SugarSyncShared" "SugarSync Explorer Shell Extensions" "SugarSync, Inc." "c:\program files (x86)\sugarsync\sugarsyncshellext_x64.dll" "5/14/2012 1:39 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "11/28/2016 11:01 AM" ""
+ "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_51\bin\ssv.dll" "6/8/2015 9:34 PM" ""
+ "{DBC80044-A445-435b-BC74-9C25C1C588A9}" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_51\bin\jp2ssv.dll" "6/8/2015 9:34 PM" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "10/1/2016 4:33 AM" ""
+ "HP Smart Print" "SmartPrintSetup" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe" "5/21/2014 5:24 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "10/1/2016 4:39 AM" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "4/1/2014 12:28 AM" ""
+ "HP Smart Print" "SmartPrintSetup" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe" "5/21/2014 5:24 AM" ""
"Task Scheduler" "" "" "" "" ""
+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "10/21/2016 9:56 PM" ""
+ "\Adobe Uninstaller" "Adobe Creative Cloud" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe" "10/25/2016 1:24 PM" ""
+ "\AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 3:29 AM" ""
+ "\Apple Diagnostics" "YSLoaderW.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ereporter.exe" "7/30/2014 6:24 PM" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/23/2016 7:31 PM" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "11/15/2016 3:34 PM" ""
+ "\Microsoft\Windows\ApplicationData\appuriverifierdaily" "" "" "c:\windows\syswow64\apphostregistrationverifier.exe" "" ""
+ "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" "" "" "c:\windows\syswow64\cloudexperiencehostbroker.exe" "" ""
+ "\Microsoft\Windows\Defrag\ScheduledDefrag" "" "" "c:\windows\syswow64\defrag.exe" "" ""
X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" "" "" "c:\windows\syswow64\dfdts.dll" "" ""
+ "\Microsoft\Windows\DiskFootprint\Diagnostics" "" "" "c:\windows\syswow64\disksnapshot.exe" "" ""
+ "\Microsoft\Windows\DUSM\dusmtask" "" "" "c:\windows\syswow64\dusmtask.exe" "" ""
+ "\Microsoft\Windows\Feedback\Siuf\DmClient" "" "" "c:\windows\syswow64\dmclient.exe" "" ""
+ "\Microsoft\Windows\Multimedia\Manager" "" "" "c:\users\ivan" "11/29/2016 2:51 PM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 7:42 AM" ""
+ "\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers" "" "" "c:\windows\syswow64\drvinst.exe" "" ""
X "\Microsoft\Windows\SharedPC\Account Cleanup" "" "" "c:\windows\syswow64\windows.sharedpc.accountmanager.dll" "" ""
+ "\Microsoft\Windows\Time Zone\SynchronizeTimeZone" "" "" "c:\windows\syswow64\tzsync.exe" "" ""
+ "\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" "" "" "c:\windows\syswow64\musnotification.exe" "" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/15/2016 10:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/15/2016 10:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/15/2016 10:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Verification" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/15/2016 10:23 PM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/15/2016 10:25 PM" ""
+ "\Microsoft\Windows\WindowsUpdate\sih" "" "" "c:\windows\syswow64\sihclient.exe" "" ""
X "\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" "" "" "File not found: C:\WINDOWS\System32\AutoWorkplace.exe" "" ""
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\lenovo\youcam\ycmmirage.exe" "6/29/2010 12:05 AM" ""
+ "\OneDrive Standalone Update Task" "Standalone Updater" "Microsoft Corporation" "c:\users\ivan reyes ortega\appdata\local\microsoft\onedrive\17.3.6517.0809\onedrivestandaloneupdater.exe" "8/9/2016 2:20 PM" ""
+ "\{7C134AF1-A52C-45FB-A769-590205637799}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "7/15/2016 10:17 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "12/6/2016 7:34 AM" ""
+ "AdAppMgrSvc" "Autodesk Application Manager Service" "Autodesk Inc." "c:\program files (x86)\common files\autodesk shared\appmanager\r1\adappmgrsvc.exe " "12/4/2014 10:06 PM" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "10/21/2016 9:55 PM" ""
+ "AdobeUpdateService" "Adobe Update Service" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe" "10/25/2016 1:23 PM" ""
+ "AGSService" "Adobe Genuine Software Integrity Service" "Adobe Systems, Incorporated" "c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe" "9/26/2016 8:45 AM" ""
+ "Apple Mobile Device Service" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "2/12/2015 11:18 PM" ""
+ "Autodesk Content Service" "Autodesk Content Service" "Autodesk, Inc." "c:\program files\autodesk\content service\connect.service.contentservice.exe" "2/6/2015 12:00 AM" ""
+ "BcmBtRSupport" "Manages BTW drivers." "Broadcom Corporation." "c:\windows\system32\btwrsupportservice.exe" "10/21/2013 3:41 PM" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "8/12/2015 6:47 PM" ""
+ "BstHdAndroidSvc" "BlueStacks Service" "BlueStack Systems, Inc." "c:\program files (x86)\bluestacks\hd-service.exe" "7/21/2016 4:28 PM" ""
+ "BstHdLogRotatorSvc" "BlueStacks Log Rotator Service" "BlueStack Systems, Inc." "c:\program files (x86)\bluestacks\hd-logrotatorservice.exe" "7/21/2016 4:29 PM" ""
+ "BstHdPlusAndroidSvc" "BlueStacks Service" "BlueStack Systems, Inc." "c:\program files (x86)\bluestacks\hd-plus-service.exe" "7/21/2016 4:26 PM" ""
+ "cphs" "Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe" "6/13/2013 7:35 PM" ""
+ "CryptSvc" "Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "" "c:\windows\syswow64\cryptsvc.dll" "" ""
+ "DACoreService" "Dragon Assistant Core Recognition Service" "Nuance Communications, Inc." "c:\program files (x86)\nuance\dragon assistant\core\dacore.exe" "2/22/2013 4:04 PM" ""
+ "Dashboard Service" "Lenovo Dashboard Service" "Microsoft" "c:\program files (x86)\lenovo\lenovo dashboard\ddmgr.exe" "7/4/2012 4:44 AM" ""
+ "DsmSvc" "Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly." "" "c:\windows\syswow64\devicesetupmanager.dll" "" ""
+ "EpsonScanSvc" "Epson Scanner Service (64bit)" "Seiko Epson Corporation" "c:\windows\system32\escsvc64.exe" "5/17/2012 7:12 AM" ""
+ "Everything" "Everything" "" "c:\program files\everything\everything.exe" "8/5/2014 9:04 PM" ""
+ "FlexNet Licensing Service 64" "This service performs licensing functions on behalf of FlexNet enabled products." "Flexera Software LLC" "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe" "9/2/2014 7:05 AM" ""
+ "Garmin Device Interaction Service" "Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date." "Garmin Ltd. or its subsidiaries" "c:\program files (x86)\garmin\device interaction service\garminservice.exe" "11/29/2016 3:43 PM" ""
+ "GoProDeviceDetectionService" "Monitors GoPro devices." "" "c:\program files\gopro\gopro desktop app\goprodevicedetection.exe" "10/11/2016 7:35 PM" ""
+ "Hamachi2Svc" "Hamachi Client Tunneling Engine" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\x64\hamachi-2.exe" "11/11/2016 8:46 AM" ""
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll" "9/1/2011 2:24 PM" ""
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll" "4/29/2011 5:22 PM" ""
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll" "8/18/2011 4:29 AM" ""
+ "HPSupportSolutionsFrameworkService" "This service allows for the detection of HP products and enables identification of support solutions for detected products." "Hewlett-Packard Company" "c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe" "12/17/2013 12:42 PM" ""
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe" "1/16/2013 12:41 PM" ""
+ "IdeaTouch.LocalDataServer.Education" "IdeaTouchDataServer.EducationPortal" "Microsoft" "c:\program files (x86)\lenovo\educationportal\services\ideatouch.localdataserver.education.exe" "5/16/2012 11:30 PM" ""
+ "IdeaTouch.LocalDataServer.Game" "IdeaTouchDataServer.GamePortal" "Microsoft" "c:\program files (x86)\lenovo\gameportal\services\ideatouch.localdataserver.game.exe" "5/17/2012 2:18 AM" ""
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe" "4/4/2005 1:41 AM" ""
+ "igfxCUIService1.0.0.0" "Service for Intel(R) HD Graphics Control Panel" "Intel Corporation" "c:\windows\system32\igfxcuiservice.exe" "12/21/2015 3:43 PM" ""
+ "Intel(R) Capability Licensing Service Interface" "Version: 1.24.388.1" "Intel(R) Corporation" "c:\program files\intel\icls client\heciserver.exe" "4/20/2012 8:16 AM" ""
+ "Intel(R) ME Service" "Intel® Manageability Engine Service (Intel® ME Service)" "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe" "6/27/2012 3:39 PM" ""
+ "iphlpsvc" "Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer." "" "c:\windows\syswow64\iphlpsvc.dll" "" ""
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "7/26/2016 3:26 PM" ""
+ "iumsvc" "Intel(R) Update Manager helps you keep your system up-to-date." "Intel Corporation" "c:\program files (x86)\intel\intel(r) update manager\bin\iumsvc.exe" "7/1/2015 7:03 PM" ""
+ "jhi_service" "Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL" "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe" "6/25/2012 1:43 PM" ""
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files (x86)\logmein hamachi\x64\lmiguardiansvc.exe" "5/27/2016 9:03 AM" ""
+ "LMS" "Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe" "6/25/2012 1:36 PM" ""
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll" "8/6/2010 1:45 AM" ""
+ "NitroDriverReadSpool8" "Nitro PDF Driver Read Spool 8" "Nitro PDF Software" "c:\program files\common files\nitro\pro\8.0\nitropdfdriverservice8x64.exe" "12/12/2012 6:16 AM" ""
+ "nlsX86cc" "Nalpeiron Licensing Service" "Nalpeiron Ltd." "c:\windows\syswow64\nlssrv32.exe" "11/8/2012 9:20 PM" ""
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll" "8/6/2010 1:45 AM" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "9/20/2016 8:51 AM" ""
+ "ss_conn_service" "MSS CS Connectivity Service" "DEVGURU Co., LTD." "c:\program files (x86)\samsung\usb drivers\25_escape\conn\ss_conn_service.exe" "10/1/2014 2:23 AM" ""
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "10/12/2016 8:47 PM" ""
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe" "2/19/2010 4:50 PM" ""
+ "UNS" "Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe" "6/25/2012 1:38 PM" ""
+ "vmictimesync" "Synchronizes the system time of this virtual machine with the system time of the physical computer." "" "c:\windows\syswow64\icsvc.dll" "" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "7/15/2016 10:24 PM" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "7/15/2016 10:27 PM" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "9/7/2016 12:41 AM" ""
+ "wuauserv" "Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API." "" "c:\windows\syswow64\wuaueng.dll" "" ""
+ "ZAMSvc" "ZAM" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zam.exe" "11/22/2016 8:24 AM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "12/6/2016 7:34 AM" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "5/18/2015 6:28 PM" ""
+ "ADP80XX" "PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "4/9/2015 4:49 PM" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "5/14/2015 8:14 AM" ""
+ "amdsbs" "" "" "c:\windows\syswow64\drivers\amdsbs.sys" "" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "4/30/2015 8:55 PM" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "4/9/2015 3:12 PM" ""
+ "atapi" "" "" "c:\windows\syswow64\drivers\atapi.sys" "" ""
+ "b06bdrv" "QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "5/25/2016 3:03 AM" ""
+ "bcbtums" "Broadcom Bluetooth Firmware Download Filter" "Broadcom Corporation." "c:\windows\system32\drivers\bcbtums.sys" "3/23/2015 5:31 PM" ""
+ "bcmfn" "BCM Function 2 Device Driver" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "6/8/2015 4:32 AM" ""
+ "bcmfn2" "BCM Function 2 Device Driver" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "3/16/2014 6:07 AM" ""
+ "BstHdDrv" "BlueStacks Hypervisor for amd64" "BlueStack Systems" "c:\program files (x86)\bluestacks\hd-hypervisor-amd64.sys" "7/21/2016 4:28 PM" ""
+ "BstkDrv" "Bluestacks Support Driver" "Bluestack System Inc. " "c:\program files (x86)\bluestacks\bstkdrv.sys" "5/9/2016 6:25 AM" ""
+ "BTHMODEM" "" "" "c:\windows\syswow64\drivers\bthmodem.sys" "" ""
+ "btwampfl" "@oem30.inf,%btwampfl.ServiceDescription%;btwampfl Bluetooth filter driver" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys" "3/23/2015 5:30 PM" ""
+ "cht4iscsi" "Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "4/20/2016 5:54 AM" ""
+ "cht4vbd" "Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "4/15/2016 3:32 AM" ""
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver" "Samsung Electronics Co., Ltd." "c:\windows\system32\drivers\ssudbus.sys" "8/24/2016 4:00 AM" ""
+ "DrvAgent64" "DriverAgent Direct I/O for 64-bit Windows" "Phoenix Technologies" "c:\windows\syswow64\drivers\drvagent64.sys" "12/14/2009 6:23 AM" ""
+ "ebdrv" "" "" "c:\windows\syswow64\drivers\evbda.sys" "" ""
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "5/3/2012 3:56 PM" ""
+ "Hamachi" "LogMeIn Hamachi Virtual Miniport Driver" "LogMeIn Inc." "c:\windows\system32\drivers\hamdrv.sys" "3/30/2015 9:28 AM" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "3/26/2013 5:36 PM" ""
+ "iagpio" "Intel(R) Serial IO GPIO Controller Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\iagpio.sys" "2/18/2016 3:35 AM" ""
+ "iai2c" "Intel(R) Serial IO I2C Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\iai2c.sys" "9/22/2015 2:53 AM" ""
+ "iaLPSS2i_GPIO2" "Intel(R) Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "3/2/2016 10:06 PM" ""
+ "iaLPSS2i_I2C" "Intel(R) Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "3/2/2016 10:06 PM" ""
+ "iaLPSSi_GPIO" "Intel(R) Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "2/2/2015 5:00 AM" ""
+ "iaLPSSi_I2C" "Intel(R) Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "2/24/2015 11:52 AM" ""
+ "iaStorA" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastora.sys" "1/14/2013 2:00 PM" ""
+ "iaStorAV" "Intel(R) Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "2/19/2015 8:08 AM" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "4/11/2011 2:48 PM" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "4/10/2016 9:46 AM" ""
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "12/21/2015 3:46 PM" ""
+ "intaud_WaveExtensible" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\intelaud.sys" "7/8/2015 6:17 PM" ""
+ "IntcAzAudAddService" "Realtek(r) High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "7/31/2012 5:46 AM" ""
+ "IntcDAud" "Intel(R) Display Audio Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\intcdaud.sys" "9/9/2014 8:13 AM" ""
+ "iwdbus" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\iwdbus.sys" "11/19/2015 7:37 PM" ""
+ "libusb0" "LibUSB-Win32 - Kernel Driver" "http://libusb-win32.sourceforge.net" "c:\windows\system32\drivers\libusb0.sys" "4/8/2011 6:29 PM" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "3/25/2015 3:36 PM" ""
+ "LSI_SAS2i" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "3/28/2016 2:49 PM" ""
+ "LSI_SAS3i" "Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "3/28/2016 2:49 PM" ""
+ "LSI_SSS" "LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "3/15/2013 7:39 PM" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "3/4/2015 10:36 PM" ""
+ "megasas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas2i.sys" "7/22/2016 5:36 PM" ""
+ "megasr" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "6/3/2013 6:02 PM" ""
+ "MEIx64" "Intel(R) Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys" "7/2/2012 6:14 PM" ""
+ "mlx4_bus" "MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "4/10/2016 9:49 AM" ""
+ "mouclass" "" "" "c:\windows\syswow64\drivers\mouclass.sys" "" ""
+ "mrxsmb10" "Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers" "" "c:\windows\syswow64\drivers\mrxsmb10.sys" "" ""
+ "mrxsmb20" "Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers" "" "c:\windows\syswow64\drivers\mrxsmb20.sys" "" ""
+ "mvumis" "Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "5/23/2014 4:39 PM" ""
+ "NativeWifiP" "" "" "c:\windows\syswow64\drivers\nwifi.sys" "" ""
+ "ndfltr" "NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "4/10/2016 9:46 AM" ""
+ "Ndisuio" "" "" "c:\windows\syswow64\drivers\ndisuio.sys" "" ""
+ "NetAdapterCx" "" "" "c:\windows\syswow64\drivers\netadaptercx.sys" "" ""
+ "nvraid" "NVIDIA® nForce(TM) RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "4/21/2014 2:28 PM" ""
+ "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "4/21/2014 2:34 PM" ""
+ "percsas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas2i.sys" "3/14/2016 8:50 PM" ""
+ "percsas3i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "3/4/2016 5:22 PM" ""
+ "RasPppoe" "Remote Access PPPOE Driver" "" "c:\windows\syswow64\drivers\raspppoe.sys" "" ""
+ "RSP2STOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsp2stor.sys" "5/15/2015 3:44 AM" ""
+ "rt640x64" "Realtek 8136/8168/8169 NDIS 6.40 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt640x64.sys" "1/21/2016 4:17 AM" ""
+ "RtlWlanu_OldIC" "Realtek WLAN USB NDIS Driver 28199" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtwlanu_oldic.sys" "4/20/2016 9:43 PM" ""
+ "scmbus" "" "" "c:\windows\syswow64\drivers\scmbus.sys" "" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 2:28 PM" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 5:56 PM" ""
+ "ssudmdm" "@oem24.inf,%ssud.Service.Desc%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "Samsung Electronics Co., Ltd." "c:\windows\system32\drivers\ssudmdm.sys" "8/24/2016 4:00 AM" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "11/26/2012 8:02 PM" ""
+ "Tcpip" "TCP/IP Protocol Driver" "" "c:\windows\syswow64\drivers\tcpip.sys" "" ""
+ "UrsChipidea" "" "" "c:\windows\syswow64\drivers\urschipidea.sys" "" ""
+ "usbcir" "" "" "c:\windows\syswow64\drivers\usbcir.sys" "" ""
+ "usbser" "" "" "c:\windows\syswow64\drivers\usbser.sys" "" ""
+ "vdrvroot" "" "" "c:\windows\syswow64\drivers\vdrvroot.sys" "" ""
+ "VMC412" "" "" "c:\windows\syswow64\drivers\vmc412.sys" "" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "4/22/2014 3:21 PM" ""
+ "VSTXRAID" "VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "1/21/2013 3:00 PM" ""
+ "WinMad" "Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "4/10/2016 9:46 AM" ""
+ "WinVerbs" "Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "4/10/2016 9:46 AM" ""
+ "Wof" "" "" "c:\windows\syswow64\drivers\wof.sys" "" ""
+ "wsvd" "CyberLink Virtual Disk Driver" ""CyberLink" "c:\windows\system32\drivers\wsvd.sys" "6/13/2012 5:10 AM" ""
+ "ZAM" "ZAM" "Zemana Ltd." "c:\windows\system32\drivers\zam64.sys" "8/17/2016 1:06 PM" ""
+ "ZAM_Guard" "ZAM" "Zemana Ltd." "c:\windows\system32\drivers\zamguard64.sys" "8/17/2016 1:06 PM" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "10/1/2016 4:17 AM" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "11/2/2016 6:31 AM" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "11/13/2016 3:48 PM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/15/2016 10:26 PM" ""
+ "VIDC.CFHD" "CineForm VFW CODEC" "CineForm Inc." "c:\windows\system32\cfhd.dll" "9/15/2016 3:48 PM" ""
+ "VIDC.LAGS" "Lagarith" " " "c:\windows\system32\lagarith.dll" "12/7/2011 8:37 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "11/13/2016 3:48 PM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/15/2016 9:41 PM" ""
+ "VIDC.CFHD" "CineForm VFW CODEC" "CineForm Inc." "c:\windows\syswow64\cfhd.dll" "9/15/2016 3:46 PM" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "7/15/2016 9:42 PM" ""
+ "VIDC.FMVC" "FM Screen Capture Codec (VFW)" "Fox Magic Software" "c:\windows\syswow64\fmcodec.dll" "6/12/2005 10:29 AM" ""
+ "VIDC.LAGS" "Lagarith" " " "c:\windows\syswow64\lagarith.dll" "12/7/2011 8:32 PM" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "11/13/2016 3:47 PM" ""
+ "{080D0809-7456-4FBC-8493-0D2BF99EA48C}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{080D11FB-A303-4514-88FE-7DDA4DFE9E4B}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{080D1473-5FEA-4029-875C-53EE96549ACC}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{080D588E-9756-455B-BBDA-E8BCF9EC7769}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{080D5974-4B61-458B-921B-17628E423713}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{080DEAB4-60D9-4792-98A5-60A0F6A9ACF7}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{080DFEE8-4097-4BAB-B7A7-1B11F4958213}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{09C8D515-5C6A-434D-AD92-FEF7EB153310}" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\lenovo\power2go\p2gvidenc.ax" "10/26/2005 7:41 AM" ""
+ "{09FA6191-EB28-4368-9701-A264F9487BDB}" "" "" "c:\program files (x86)\gopro\tools\cfvideochange.ax" "9/15/2016 4:02 PM" ""
+ "{0BD8F1CE-5F36-4A2B-B8E6-B3466F8EF8C2}" "" "" "c:\program files (x86)\gopro\tools\cftempochange.ax" "9/15/2016 3:52 PM" ""
+ "{0F5D4CE4-2166-4FF7-9AA1-91330D35978A}" "Bytescout Virtual Camera Filter acts like a video capture source." "Bytescout" "c:\windows\syswow64\bytescoutscreencapturingfilter.dll" "3/10/2015 1:25 PM" ""
+ "{11A947C3-BABC-466E-A678-1FFEC95EB2F8}" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gmp3wrap.ax" "1/13/2008 10:30 PM" ""
+ "{15C2BA5D-111A-4139-82A4-21A36546C8B4}" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaudiocd.ax" "1/21/2008 6:35 AM" ""
+ "{1986FDCF-F657-4866-A83C-998B943A6321}" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\audiofilter\claudwizard.ax" "8/14/2009 9:26 AM" ""
+ "{1B5715C6-3EBD-47BF-830A-4C91A6B5E0EE}" "" "" "c:\program files (x86)\gopro\tools\wafian.qtmux.dll" "9/15/2016 3:28 PM" ""
+ "{1C4F9736-ED6B-4303-8014-FCBEBFF0A0AA}" "" "" "c:\program files (x86)\gopro\tools\cfencoder2.ax" "9/15/2016 3:39 PM" ""
+ "{1D5BE324-AC17-482F-9070-234EB529AE12}" "Audio Data" "Viscom Software" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudiodata.dll" "12/2/2006 9:55 AM" ""
+ "{1EF9EBC1-1CF9-4D4F-A4D2-93FC9AA5E0C7}" "" "" "c:\program files (x86)\gopro\tools\cfencoderraw.ax" "7/2/2015 7:13 PM" ""
+ "{1FFBD0F1-80CD-4452-8AC4-8FBEED892AFD}" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gedtkrn.dll" "5/3/2007 2:18 AM" ""
+ "{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1}" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clline21.ax" "7/23/2009 10:21 PM" ""
+ "{2AF76B80-2BDA-4731-932D-3FCFA9276B11}" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\navfilter\clnavx.ax" "2/2/2012 8:46 AM" ""
+ "{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F}" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\audiofilter\claudiocd.ax" "6/23/2009 10:00 AM" ""
+ "{2E9126B1-53F9-4312-B21D-035455BFC80F}" "" "" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomspeaker.dll" "6/20/2012 7:12 AM" ""
+ "{3484F78F-F8CE-4CF3-914F-10F1A76BF0D5}" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gvsd.ax" "11/16/2011 4:43 AM" ""
+ "{35F0AE98-673B-465F-A4D6-9F18A01F2454}" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\navfilter\clmkvsplter.ax" "7/2/2010 5:20 AM" ""
+ "{36F74DF0-12FF-4881-8A55-E7CE4D12688E}" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\audiofilter\clauts.ax" "10/3/2010 11:39 PM" ""
+ "{38A6AC0C-4B7C-4922-8ADC-D22C55B86666}" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\navfilter\clrmsplitter.ax" "5/6/2010 5:42 AM" ""
+ "{3A555849-2398-4D61-9B88-CA43CC659585}" "" "" "c:\program files (x86)\gopro\tools\jpegs2stream.dll" "9/15/2016 3:51 PM" ""
+ "{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99}" "" "Viscom Software" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomwave.dll" "8/18/2003 1:31 AM" ""
+ "{4407F28D-97C2-41C5-A23F-2FAE465CE7BB}" "Bytescout Video Mixer Filter mixes two video streams into one." "Bytescout" "c:\windows\syswow64\bytescoutvideomixerfilter.dll" "3/10/2015 1:26 PM" ""
+ "{473FA820-DC78-4E38-9F13-7AAB9B26092F}" "Wave Form" "Viscom Software www.viscomsoft.com" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomwaveform.dll" "12/7/2008 12:19 PM" ""
+ "{4814F96F-AA42-495B-B6CD-04502698DEED}" "CLRGL" "Cyberlink" "c:\program files (x86)\lenovo\power2go\p2grgl.ax" "9/28/2005 6:42 AM" ""
+ "{49C53741-6362-47C9-90BE-CCB767141222}" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaud.ax" "12/1/2006 1:59 AM" ""
+ "{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\navfilter\clsplter.ax" "10/8/2010 4:23 AM" ""
+ "{4FCE4216-5C59-453B-894D-3E7569C6062F}" "Audio Encoder" "Viscom Software" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudioencoder.dll" "11/11/2006 9:38 AM" ""
+ "{501099E1-5C05-4ED3-B0CB-371F97F5412C}" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\audiofilter\claud.ax" "5/22/2012 4:03 AM" ""
+ "{516F1EFA-42F4-436E-801C-B752EB9343EB}" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clvsd.ax" "1/5/2011 7:11 AM" ""
+ "{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E}" "CLHBMixer" " " "c:\program files (x86)\lenovo\powerdvd10\audiofilter\clhbmixer.ax" "4/11/2012 6:03 AM" ""
+ "{53CAF9E4-0048-4CF5-A624-C11083C641C6}" "CLVidFx" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gvidfx.ax" "8/30/2005 12:01 AM" ""
+ "{55CB3F70-42A2-4B2D-BA9C-040059B124B2}" "" "" "c:\program files (x86)\gopro\tools\h264lpcmmovmux.dll" "9/15/2016 3:52 PM" ""
+ "{572E539F-D5D0-4AE9-BF0F-7110DC817EAE}" "viscomaudio.dll" "Viscom Software www.viscomsoft.com" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudio.dll" "12/8/2008 10:25 AM" ""
+ "{5E479EF1-9BDB-42AA-B273-6004D83C9212}" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaunrwrapper.ax" "10/16/2005 10:34 PM" ""
+ "{5EFC04B3-68C0-4BFF-8BD4-61037272D70D}" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\lenovo\powerdvd10\audiofilter\claudfx.ax" "12/25/2009 4:54 AM" ""
+ "{61665621-5523-11D4-A717-80E5A24FE52B}" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax" "11/7/2006 12:16 AM" ""
+ "{6263C176-0876-4B04-8DE0-44AB74489D72}" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gm2spliter.ax" "12/3/2007 11:10 PM" ""
+ "{66855507-19B6-45B0-A83A-78178247CADC}" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gvb.ax" "10/8/2004 4:36 AM" ""
+ "{6E0EED5F-4B78-455F-B688-073E3E5D1079}" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gdumpdispatch.ax" "12/12/2003 3:01 AM" ""
+ "{6F5BAD7B-9AE3-4937-B0B2-4CD4672523F7}" "" "" "c:\program files (x86)\gopro\tools\qtdemux.dll" "9/15/2016 3:28 PM" ""
+ "{74CFD057-E3A4-4352-8357-477084086D4B}" "viscomaudioprocess.dll" "" "c:\program files (x86)\dsnet corp\atube catcher 2.0\viscomaudioprocess.dll" "6/9/2012 1:31 AM" ""
+ "{74DA3201-9816-42E9-88F6-8E0B72E639E0}" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaursmpl.ax" "2/24/2005 10:41 PM" ""
+ "{781C76F5-5F6B-4F84-A987-FE6063313925}" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "4/1/2014 12:27 AM" ""
+ "{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A}" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\lenovo\powerdvd10\digestfilter.dll" "4/28/2010 8:54 AM" ""
+ "{7D9070AB-371A-4614-A964-D21BDFE1030B}" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gm1spliter.ax" "12/3/2007 11:11 PM" ""
+ "{8BF03152-F394-4C94-A2EB-44D6B80C9E91}" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clsubtitle.ax" "6/23/2011 3:22 AM" ""
+ "{8C56B364-6CD9-4907-B5C1-30A4B03D35B8}" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2greader.ax" "6/15/2003 11:35 PM" ""
+ "{8D508C0D-E1C3-4C85-A7B6-7B5CD4392105}" "CLM2VWriter" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gm2vwriter.ax" "8/17/2005 10:45 AM" ""
+ "{8DA364BE-DF1D-43F9-9A86-CC06F53C082C}" "Intel® Media SDK AAC Decoder" "Intel Corporation" "c:\program files (x86)\gopro\tools\imc_aac_dec_ds.dll" "7/27/2012 3:11 PM" ""
+ "{93D04A3E-1510-4FBF-9AAF-F1F09C3BC71E}" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gdump.ax" "11/22/2006 8:15 AM" ""
+ "{94F20D00-59CE-4FF7-BFB8-E6BF852AD4B0}" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gvideostabilizer.ax" "10/17/2005 2:28 AM" ""
+ "{9B16BA00-C8B5-48F6-BF4A-DE3E5E587BF0}" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gpcmenc.ax" "3/21/2002 1:54 AM" ""
+ "{9C3913B7-EB91-427D-8404-D0EE84484250}" "" "" "c:\program files (x86)\gopro\tools\cfstereofixer.ax" "9/15/2016 3:51 PM" ""
+ "{A2A6B846-D118-4300-AE07-F31860887BC2}" "Intel® Media Codecs MPEG-4 Splitter" "Intel Corporation" "c:\program files (x86)\gopro\tools\imc_mp4_spl_ds.dll" "9/15/2016 3:27 PM" ""
+ "{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED}" "CyberLink Video Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clcvd.ax" "11/9/2011 1:35 AM" ""
+ "{AD83011E-01D1-4623-91FD-6B75F183C5A9}" "CineForm DirectShow Decoder" "CineForm Inc." "c:\program files (x86)\gopro\tools\cfdecode2.ax" "9/15/2016 3:43 PM" ""
+ "{B5F41335-A18B-4362-A406-F09E43658116}" "CyberLink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\cltzan.ax" "9/15/2011 2:04 AM" ""
+ "{B77D0683-4636-4550-98B6-E2713FDE2437}" "" "" "c:\program files (x86)\gopro\tools\cfvideosource.ax" "9/15/2016 3:49 PM" ""
+ "{C548BB6C-0E62-4A25-AE4E-DE41856BC682}" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clrmvd.ax" "12/24/2009 11:42 PM" ""
+ "{C88A3744-DE30-4316-BAFB-269C8A25856C}" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clsubtitle.ax" "6/23/2011 3:22 AM" ""
+ "{CB488050-23B8-411D-B861-D00BA44B8D02}" "Intel® Media Codecs MP4 Muxer" "Intel Corporation" "c:\program files (x86)\gopro\tools\imc_mp4_mux_ds.dll" "9/15/2016 3:27 PM" ""
+ "{CC29DF71-ECDE-4C60-BCD7-7503557AAB54}" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gauts.ax" "10/12/2004 10:32 AM" ""
+ "{CCCE52FD-02CB-482C-AC81-1E55EF1D61EE}" "Intel® Media SDK H.264 Decoder" "Intel Corporation" "c:\program files (x86)\gopro\tools\h264_dec_filter.dll" "9/15/2016 3:26 PM" ""
+ "{CDCFDBB0-6518-4239-8085-A16AD63488AE}" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gtlmsplter.ax" "10/19/2006 1:33 AM" ""
+ "{CF6ED441-FC79-4F1A-9D91-4AE01C570B81}" "MpgMux" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gmpgmux.ax" "5/23/2008 3:27 AM" ""
+ "{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E}" "CyberLink Video Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\videofilter\clcvd.ax" "11/9/2011 1:35 AM" ""
+ "{D2C12C78-9398-4ECA-9F88-2FE4D8C7A539}" "" "" "c:\program files (x86)\gopro\tools\cfsamplerate.ax" "9/15/2016 4:02 PM" ""
+ "{D8F506E3-899D-4E83-BA28-3139D6C71CE8}" "" "" "c:\program files (x86)\gopro\tools\cfstereomux.ax" "9/15/2016 3:51 PM" ""
+ "{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\navfilter\clm4splt.ax" "5/6/2010 6:39 AM" ""
+ "{DB5D8193-CB8D-4C72-98A5-1C147E075EDF}" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\audiofilter\clrmaud.ax" "12/24/2009 11:44 PM" ""
+ "{E022CD24-BED2-43C6-9140-B7E26BC1D91A}" "CineForm DirectShow Encoder" "CineForm Inc." "c:\program files (x86)\gopro\tools\cfencode.ax" "7/2/2015 7:11 PM" ""
+ "{E51EF49D-DDB0-4874-A873-C5100171146F}" "Intel® Media Codecs AAC Encoder" "Intel Corporation" "c:\program files (x86)\gopro\tools\imc_aac_enc_ds.dll" "9/15/2016 3:27 PM" ""
+ "{E5B455E5-098A-4B65-B2A8-871274FF51CE}" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gresample.ax" "6/17/2002 11:32 PM" ""
+ "{E8F36981-7D45-4AF4-ACA2-E7D960D5AD6F}" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\lenovo\power2go\p2gaudenc.ax" "12/20/2006 5:20 AM" ""
+ "{ECA099DE-D413-4500-B401-6C4FF1EB9580}" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\powerdvd10\navfilter\clflvsplitter.ax" "9/27/2011 3:30 AM" ""
+ "{F07E981B-0EC4-4665-A671-C24955D11A38}" "CLDemuxer2" "Cyberlink" "c:\program files (x86)\lenovo\powerdvd10\navfilter\cldemuxer2.ax" "1/18/2011 8:29 AM" ""
+ "{FF1715E9-885B-47A8-8F76-16C44539309B}" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gmvd.ax" "9/29/2003 9:50 AM" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "10/1/2016 4:59 AM" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "7/15/2016 10:17 PM" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "10/1/2016 4:34 AM" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\lenovo\bluetooth software\btwcp.dll" "8/17/2012 1:18 PM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "10/1/2016 4:43 AM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "8/12/2015 6:48 PM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "10/1/2016 4:43 AM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "8/12/2015 6:47 PM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "10/5/2016 11:20 PM" ""
+ "HP DF11 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Development Company, LP" "c:\windows\system32\hpinkstsdf11lm.dll" "9/4/2015 6:48 AM" ""
+ "Nitro PDF Port Monitor" "Windows NT Nitro Print PDF Interface Driver" "Nitro PDF Software" "c:\windows\system32\nitrolocalmon2.dll" "12/12/2012 6:24 AM" ""
+ "PCL hpz3llhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3llhn.dll" "5/23/2007 5:26 PM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" "" "12/4/2016 7:40 PM" ""
+ "livessp" "" "" "File not found: livessp" "" ""
"HKLM\Software\Microsoft\Office\Outlook\Addins" "" "" "" "10/1/2016 4:33 AM" ""
+ "Apple DAV Outlook Addin" "" "" "" "10/1/2016 4:33 AM" ""

Malnutrition · Dec 6, 2016

Fix with Autoruns.

Open Autoruns as administrator and under the "Task Scheduler" tab and uncheck these items.

"" "" "" "" ""
+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "10/21/2016 9:56 PM" ""
+ "\Adobe Uninstaller" "Adobe Creative Cloud" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe" "10/25/2016 1:24 PM" ""
+ "\AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 3:29 AM" ""
+ "\Apple Diagnostics" "YSLoaderW.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ereporter.exe" "7/30/2014 6:24 PM" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/23/2016 7:31 PM" ""
+ "\Microsoft\Windows\ApplicationData\appuriverifierdaily" "" "" "c:\windows\syswow64\apphostregistrationverifier.exe" "" ""
+ "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" "" "" "c:\windows\syswow64\cloudexperiencehostbroker.exe" "" ""
+ "\Microsoft\Windows\DiskFootprint\Diagnostics" "" "" "c:\windows\syswow64\disksnapshot.exe" "" ""
+ "\Microsoft\Windows\DUSM\dusmtask" "" "" "c:\windows\syswow64\dusmtask.exe" "" ""
+ "\Microsoft\Windows\Feedback\Siuf\DmClient" "" "" "c:\windows\syswow64\dmclient.exe" "" ""
+ "\Microsoft\Windows\Multimedia\Manager" "" "" "c:\users\ivan" "11/29/2016 2:51 PM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 7:42 AM" ""
+ "\Microsoft\Windows\Time Zone\SynchronizeTimeZone" "" "" "c:\windows\syswow64\tzsync.exe" "" ""
+ "\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" "" "" "c:\windows\syswow64\musnotification.exe" "" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/15/2016 10:25 PM" ""
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\lenovo\youcam\ycmmirage.exe" "6/29/2010 12:05 AM" ""

Fix with HijackThis!

Close all other programs!

Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKLM\..\Run: [OSD Utility] C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
O4 - HKLM\..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
O4 - HKCU\..\Run: [Discord] C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: Monitor Ink Alerts - HP DeskJet 1110 series.lnk = ?
O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

Click fix checked.
Accept the prompt.
Reboot the machine after.

How abouot the FRST and Poweliks logs?
I have prepared a fix with Hijack this that will disable useless startups, to answer your question.
Also, I just found redundant useless files with FRST that are not needed on your machine.

Iaro96 · Dec 7, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by Ivan Reyes Ortega (06-12-2016 20:08:00) Run:3
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Loaded Profiles: Ivan Reyes Ortega (Available Profiles: Joanne & Ivan Reyes Ortega & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Tcpip\..\Interfaces\{0d7355bc-6532-4c94-b735-8764407bd143}: [DhcpNameServer] 10.0.0.1
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
2016-12-03 13:36 - 2016-12-03 13:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign24a766ecde44338e
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf09fbed49c3953e4
2016-12-03 13:35 - 2016-12-03 13:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1f33b77bdb865bb0
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna2fdc6ed1fe23680
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4e306507b2235406
2016-12-02 14:56 - 2016-12-02 14:56 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign25b2817565b6a165
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4113661bfbf9ec4
2016-12-02 14:55 - 2016-12-02 14:55 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1da0b20d8b0c50da
2016-12-02 14:54 - 2016-12-02 14:54 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign416e9ee4319f429f
2016-12-02 14:30 - 2016-12-02 14:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign86f116bd6107cff4
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2ace09325c114503
2016-12-02 12:04 - 2016-12-02 12:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign20a9e2558c5efb45
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb1634104eabce732
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign87cdf395b9e99bb2
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5de8bdc3fd576b90
2016-12-02 12:03 - 2016-12-02 12:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1ae5dd934df26a18
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigneb6f4281d561f241
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5f38946803be124d
2016-12-02 10:50 - 2016-12-02 10:50 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign076fcfe5d2dca300
C:\WINDOWS\System32\Tasks\GarminUpdaterTask
C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4217be0e706de9d
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna961d9b996b69b6a
2016-12-01 11:57 - 2016-12-01 11:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1fbdbf9ade0c62c0
2016-12-01 11:32 - 2016-12-01 11:32 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign6d5981f57fb8d901
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf98a8353c428fca7
2016-12-01 11:31 - 2016-12-01 11:31 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45d51b50f63c5ee9
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf733f83a8b8abf78
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign829839379033796c
2016-12-01 04:27 - 2016-12-01 04:27 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4eb3dfc44eeaf8bb
2016-12-01 03:57 - 2016-12-01 03:57 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2b7b54a26e1ef520
2016-12-01 03:04 - 2016-12-01 03:04 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc248ede3762bf2ad
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc24887e1e604e95c
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign682256ca7e561c64
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4da3bfde17a0b234
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3ab1887b15cdc5ff
2016-12-01 02:40 - 2016-12-01 02:40 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign379df4a28d7b0a04
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9eed872c99fc8b77
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a211b0077920826
2016-12-01 01:00 - 2016-12-01 01:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1584d9d439aae027
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9529c9df4bbf6a46
2016-12-01 00:28 - 2016-12-01 00:28 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign78c6c1ed6caffe3e
2016-12-01 00:26 - 2016-12-01 00:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign65bc5baca0181620
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc7cd6e62e15b1529
2016-12-01 00:24 - 2016-12-01 00:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5da3c183c298ade2
2016-12-01 00:12 - 2016-12-01 00:12 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0c0664295fa8a1e4
2016-11-30 13:30 - 2016-11-30 13:30 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign84b5d366502b6cec
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignbe840b5f627a8589
2016-11-30 12:35 - 2016-11-30 12:35 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2107f73f8e532d86
2016-11-30 10:37 - 2016-11-30 10:37 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd8e40a378942779a
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a739be8cf76bf28
2016-11-30 10:36 - 2016-11-30 10:36 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign14e14c73aa6fb958
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc59d70c7919ffb7d
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9465d48e85c1dbb5
2016-11-30 10:26 - 2016-11-30 10:26 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0d962e5933c6cf32
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb18e280626faf76f
2016-11-30 10:24 - 2016-11-30 10:24 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0a5ece4d67ce42fa
2016-11-30 10:23 - 2016-11-30 10:23 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0672381c9e7f3729
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd7901b76d0c6ca59
2016-11-30 00:01 - 2016-11-30 00:01 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1079eea9752a8bea
2016-11-30 00:00 - 2016-11-30 00:00 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigne0fb814359a08ec8
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1d0cf9aa9f0006bd
2016-11-29 16:10 - 2016-11-29 16:10 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1496dc2f1f5dc247
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf45da2ae1fcaddc0
2016-11-29 16:03 - 2016-11-29 16:03 - 00000000 ____D C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45400c04d65206d8
2016-11-28 02:29 - 2016-11-28 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC
2016-11-30 10:29 - 2016-12-02 12:02 - 0000033 _____ () C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat
2016-11-28 11:04 - 2016-11-28 11:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-28 11:05 - 2016-11-28 11:05 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
CustomCLSID: HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BCB9FC4F747E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {2112063D-C2C4-4ED2-8D91-EA33E01EA3AC} - \{8DD3EE36-D507-432E-A9B1-FA7778A3BE83} -> No File <==== ATTENTION
Task: {94F39B2E-640A-4BC1-8B69-188EE055C68A} - \{7C134AF1-A52C-45FB-A769-590205637799} -> No File <==== ATTENTION
Task: {96BB6801-483A-46F9-B8E5-4BE2680F272B} - \{DB50062B-1108-4516-B07E-CB933EB55684} -> No File <==== ATTENTION
Shortcut: C:\Users\Ivan Reyes Ortega\Desktop\N?xon Launcher.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle Chr?m?.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?lor?r ?rows?r.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\G?ogle ?hr?m?.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gle Chr?m?.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??ttle.n?t.lnk -> C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <===== Cyrillic
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************
Restore point was successfully created.
HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value not found.
C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d7355bc-6532-4c94-b735-8764407bd143}\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => key removed successfully
HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095} => key not found.
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign24a766ecde44338e => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf09fbed49c3953e4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1f33b77bdb865bb0 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna2fdc6ed1fe23680 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4e306507b2235406 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign25b2817565b6a165 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4113661bfbf9ec4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1da0b20d8b0c50da => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign416e9ee4319f429f => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign86f116bd6107cff4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2ace09325c114503 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign20a9e2558c5efb45 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb1634104eabce732 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign87cdf395b9e99bb2 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5de8bdc3fd576b90 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1ae5dd934df26a18 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigneb6f4281d561f241 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5f38946803be124d => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign076fcfe5d2dca300 => moved successfully
C:\WINDOWS\System32\Tasks\GarminUpdaterTask => moved successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf4217be0e706de9d => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigna961d9b996b69b6a => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1fbdbf9ade0c62c0 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign6d5981f57fb8d901 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf98a8353c428fca7 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45d51b50f63c5ee9 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf733f83a8b8abf78 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign829839379033796c => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4eb3dfc44eeaf8bb => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2b7b54a26e1ef520 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc248ede3762bf2ad => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc24887e1e604e95c => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign682256ca7e561c64 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4da3bfde17a0b234 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3ab1887b15cdc5ff => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign379df4a28d7b0a04 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9eed872c99fc8b77 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a211b0077920826 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1584d9d439aae027 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9529c9df4bbf6a46 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign78c6c1ed6caffe3e => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign65bc5baca0181620 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc7cd6e62e15b1529 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign5da3c183c298ade2 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0c0664295fa8a1e4 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign84b5d366502b6cec => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignbe840b5f627a8589 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign2107f73f8e532d86 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd8e40a378942779a => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign4a739be8cf76bf28 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign14e14c73aa6fb958 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc59d70c7919ffb7d => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9465d48e85c1dbb5 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0d962e5933c6cf32 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignb18e280626faf76f => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0a5ece4d67ce42fa => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign0672381c9e7f3729 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignd7901b76d0c6ca59 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1079eea9752a8bea => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigne0fb814359a08ec8 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1d0cf9aa9f0006bd => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign1496dc2f1f5dc247 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignf45da2ae1fcaddc0 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign45400c04d65206d8 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC" => not found.
C:\Users\Ivan Reyes Ortega\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc => moved successfully
"HKU\S-1-5-21-2198469641-46685643-2895634536-1004_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BCB9FC4F747E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2112063D-C2C4-4ED2-8D91-EA33E01EA3AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2112063D-C2C4-4ED2-8D91-EA33E01EA3AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8DD3EE36-D507-432E-A9B1-FA7778A3BE83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F39B2E-640A-4BC1-8B69-188EE055C68A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F39B2E-640A-4BC1-8B69-188EE055C68A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C134AF1-A52C-45FB-A769-590205637799}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96BB6801-483A-46F9-B8E5-4BE2680F272B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96BB6801-483A-46F9-B8E5-4BE2680F272B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB50062B-1108-4516-B07E-CB933EB55684}" => key removed successfully
"C:\Users\Ivan Reyes Ortega\Desktop\N?xon Launcher.lnk" => Could not move.
"C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle Chr?m?.lnk" => Could not move.
"C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?lor?r ?rows?r.lnk" => Could not move.
"C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\G?ogle ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gle Chr?m?.lnk" => Could not move.
"C:\Users\Public\Desktop\??ttle.n?t.lnk" => Could not move.
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 177882780 B
Java, Flash, Steam htmlcache => 226889461 B
Windows/system/drivers => 51861934 B
Edge => 228104068 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Joanne => 18384334 B
Ivan Reyes Ortega => 134076673 B
Guest => 0 B
RecycleBin => 3178018440 B
EmptyTemp: => 3.7 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 20:09:44 ====

Iaro96

Iaro96

Iaro96

jmarket

PCHF's Almighty Ruler

Iaro96

Iaro96

Iaro96

Iaro96

Malnutrition

Malnurished Mod

Iaro96

Malnutrition

Malnurished Mod

Iaro96

Attachments

Iaro96

Attachments

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

Attachments

Iaro96

Iaro96

Iaro96

Attachments

Malnutrition

Malnurished Mod

Iaro96

Search

Search

Solved UC Chinese Virus