Unable to remove smart service


  • This topic is locked
22 replies to this topic

#1 Hernandez_jorge

Hernandez_jorge

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 08 July 2017 - 12:24 PM

I got the smart service Trojan, need help removing it. Anything would be helpful, thanks.


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:18 AM

Posted 08 July 2017 - 07:20 PM

Hi Hernandez_jorge :)
 
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 
Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura


Posted 11 July 2017 - 07:35 AM

Hi Hernandez_jorge,

Are you still with me?



#4 Hernandez_jorge


Posted 11 July 2017 - 10:45 PM

Yes, I'm sorry. I read your latest post with some others and I have almost removed my virus. Can I send you my FRST logs for additional help?

#5 Aura


Posted 12 July 2017 - 09:10 AM

For now, provide me the mbar-log-TODAY'S-DATE.txt log that should be in the MBAR folder (if you still have it). We'll take a look at the FRST logs at the end.



#6 Hernandez_jorge


Posted 12 July 2017 - 11:23 AM

Here it is.

 

Attached Files



#7 Aura


Posted 12 July 2017 - 11:27 AM

Good :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#8 Hernandez_jorge


Posted 12 July 2017 - 11:41 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/12/17
Scan Time: 12:39 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2351
License: Free
 
-System Information-
OS: Windows 10 (Build 14393.1358)
CPU: x64
File System: NTFS
User: DESKTOP-74GNUQV\Jorge
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 488604
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#9 Aura


Posted 12 July 2017 - 11:43 AM

Good. Now let's do a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;



#10 Hernandez_jorge


Posted 12 July 2017 - 11:49 AM

Here's my AdwCleaner log

# AdwCleaner v6.047 - Logfile created 12/07/2017 at 12:45:20
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-11.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Jorge - DESKTOP-74GNUQV
# Running from : C:\Users\Jorge\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mce_mceydef_15_18&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmceyahoo%26cd%3D2XzuyEtN2Y1L1QzuyC0Dzy0AyBzyyCtBtGtDyE0FtAtGyD0EyBtAtG0AyCyEyBtGyBtB0DyC0Fzz0EzztC0F0B0CtN1L1G1B1V1N2Y1L1Qzu2StD0E0ByC0CtAtAtBtG0F0AyCzytGyE0F0B0AtGzytCyBzztGtAtB0A0ByCyE0FtA0C0A0CtC2QtN1Q2Zzu0StCtBtCyCtN1L2XzutAtFyDtFtDtFtByBtN1L1Czu%26cr%3D994707312%26a%3Dmce_mceydef_15_18
[-] [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mce_mceydef_15_18&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmceyahoo%26cd%3D2XzuyEtN2Y1L1QzuyC0Dzy0AyBzyyCtBtGtDyE0FtAtGyD0EyBtAtG0AyCyEyBtGyBtB0DyC0Fzz0EzztC0F0B0CtN1L1G1B1V1N2Y1L1Qzu2StD0E0ByC0CtAtAtBtG0F0AyCzytGyE0F0B0AtGzytCyBzztGtAtB0A0ByCyE0FtA0C0A0CtC2QtN1Q2Zzu0StCtBtCyCtN1L2XzutAtFyDtFtDtFtByBtN1L1Czu%26cr%3D994707312%26a%3Dmce_mceydef_15_18
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1825 Bytes] - [12/07/2017 12:45:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [1768 Bytes] - [12/07/2017 12:44:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1971 Bytes] ##########

Here's my JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Jorge (Administrator) on Wed 07/12/2017 at 12:47:23.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/12/2017 at 12:48:20.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 Aura


Posted 12 July 2017 - 01:26 PM

Good :) Now let's run a scan with FRST and see if there are any remnants left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#12 Hernandez_jorge


Posted 12 July 2017 - 01:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by Jorge (administrator) on DESKTOP-74GNUQV (12-07-2017 14:06:51)
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge (Available Profiles: defaultuser0 & Jorge)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microvirt Software Technology Co. Ltd.) D:\Program Files\Microvirt\MEmu\MemuService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [Discord] => C:\Users\Jorge\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [uTorrent] => C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [Spotify Web Helper] => C:\Users\Jorge\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-22] (Spotify Ltd)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [Spotify] => C:\Users\Jorge\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-22] (Spotify Ltd)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19b45a7a-fd33-4a24-8c0a-17c1fb3c7c4a}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{3b49af55-e32f-4852-a3e2-a3bd2a9e4e1b}: [DhcpNameServer] 192.168.1.254
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2446080125-493515187-2031211118-1002 -> DefaultScope {57706277-1E41-4DF3-9BDC-23A168880B26} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mce_mceydef_15_18&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmceyahoo%26cd%3D2XzuyEtN2Y1L1QzuyC0Dzy0AyBzyyCtBtGtDyE0FtAtGyD0EyBtAtG0AyCyEyBtGyBtB0DyC0Fzz0EzztC0F0B0CtN1L1G1B1V1N2Y1L1Qzu2StD0E0ByC0CtAtAtBtG0F0AyCzytGyE0F0B0AtGzytCyBzztGtAtB0A0ByCyE0FtA0C0A0CtC2QtN1Q2Zzu0StCtBtCyCtN1L2XzutAtFyDtFtDtFtByBtN1L1Czu%26cr%3D994707312%26a%3Dmce_mceydef_15_18
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mce_mceydef_15_18&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmceyahoo%26cd%3D2XzuyEtN2Y1L1QzuyC0Dzy0AyBzyyCtBtGtDyE0FtAtGyD0EyBtAtG0AyCyEyBtGyBtB0DyC0Fzz0EzztC0F0B0CtN1L1G1B1V1N2Y1L1Qzu2StD0E0ByC0CtAtAtBtG0F0AyCzytGyE0F0B0AtGzytCyBzztGtAtB0A0ByCyE0FtA0C0A0CtC2QtN1Q2Zzu0StCtBtCyCtN1L2XzutAtFyDtFtDtFtByBtN1L1Czu%26cr%3D994707312%26a%3Dmce_mceydef_15_18"
CHR NewTab: Default ->  Not-active:"chrome-extension://kglfgongebbmofodepapholflcjcjncf/index.html"
CHR DefaultSearchURL: Default -> hxxp://feed.combo-search.com?st=ds&q={searchTerms}&publisher=combosearch&barcodeid=516940000000000
CHR DefaultSearchKeyword: Default -> Combo Search
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default [2017-07-12]
CHR Extension: (Google Slides) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-23]
CHR Extension: (Google Docs) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-23]
CHR Extension: (Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-23]
CHR Extension: (YouTube) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-23]
CHR Extension: (Adblock Plus) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Tampermonkey) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-28]
CHR Extension: (Google Sheets) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-23]
CHR Extension: (AdBlock) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (agar.io server browser) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-23]
CHR Extension: (Gmail) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-24] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-04-17] (Hi-Rez Studios) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MEmusvc; D:\Program Files\Microvirt\MEmu\MemuService.exe [281768 2017-05-15] (Microvirt Software Technology Co. Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-12] (Malwarebytes)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys [14569528 2017-02-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28216 2017-02-23] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 14:06 - 2017-07-12 14:07 - 00015185 _____ C:\Users\Jorge\Desktop\FRST.txt
2017-07-12 14:05 - 2017-07-12 14:06 - 00000000 ____D C:\FRST
2017-07-12 14:04 - 2017-07-12 14:04 - 02435584 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
2017-07-12 12:45 - 2017-07-12 12:45 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\4992182D.sys
2017-07-12 12:43 - 2017-07-12 12:45 - 00000000 ____D C:\AdwCleaner
2017-07-12 12:37 - 2017-07-12 12:45 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 12:36 - 2017-07-12 12:37 - 64025992 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mb3-setup-1878.1878-3.1.2.1733-10139.exe
2017-07-11 20:43 - 2017-07-11 23:42 - 00000000 ____D C:\Users\Jorge\AppData\Local\MegaDownloader
2017-07-11 11:52 - 2017-07-11 11:52 - 00000222 _____ C:\Users\Jorge\Desktop\DOOM.url
2017-07-10 12:54 - 2017-07-10 12:56 - 08049923 _____ C:\Users\Jorge\Downloads\Octane-Hyper-Beast.zip
2017-07-10 12:54 - 2017-07-10 12:54 - 00065619 _____ C:\Users\Jorge\Downloads\Rainbow-Wheel-2.0-Vortex-Wheel.rar
2017-07-10 12:52 - 2017-07-10 12:53 - 26163074 _____ C:\Users\Jorge\Downloads\glowing-engine-for-almost-rest-of-all-carsmarauderesperroadhogzippy...-and-so-on.rar
2017-07-10 12:41 - 2017-07-10 12:41 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\uMod
2017-07-10 12:39 - 2017-07-10 12:39 - 07723507 _____ C:\Users\Jorge\Downloads\Octane-NEON-mod-glowengine-2.0-var-decal.rar
2017-07-10 12:39 - 2017-07-10 12:39 - 01475785 _____ C:\Users\Jorge\Downloads\uMod_alpha_v2_r49.zip
2017-07-10 01:14 - 2017-07-10 01:14 - 02091598 _____ (AppsForMega.info ) C:\Users\Jorge\Downloads\mega.nz - MegaDownloader.exe
2017-07-10 01:14 - 2017-07-10 01:14 - 00000744 _____ C:\Users\Public\Desktop\MegaDownloader.lnk
2017-07-10 01:14 - 2017-07-10 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2017-07-09 21:31 - 2017-07-09 21:31 - 00000222 _____ C:\Users\Jorge\Desktop\Rocket League.url
2017-07-09 14:32 - 2017-07-09 14:32 - 00001417 _____ C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-09 14:32 - 2017-07-09 14:32 - 00000000 ____D C:\Users\Jorge\AppData\Local\UNP
2017-07-08 23:23 - 2017-07-12 12:43 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-08 23:23 - 2017-07-12 12:37 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-08 23:23 - 2017-07-12 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-08 23:21 - 2017-07-08 23:21 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jorge\Downloads\rkill.exe
2017-07-08 23:20 - 2017-07-08 23:21 - 00003346 _____ C:\Users\Jorge\Desktop\Rkill.txt
2017-07-08 23:18 - 2017-07-12 12:48 - 00000555 _____ C:\Users\Jorge\Desktop\JRT.txt
2017-07-08 23:17 - 2017-07-08 23:17 - 01663672 _____ (Malwarebytes) C:\Users\Jorge\Downloads\JRT.exe
2017-07-08 23:17 - 2017-07-08 23:17 - 01663672 _____ (Malwarebytes) C:\Users\Jorge\Desktop\JRT.exe
2017-07-08 23:12 - 2017-07-08 23:12 - 04110280 _____ C:\Users\Jorge\Downloads\AdwCleaner.exe
2017-07-08 23:12 - 2017-07-08 23:12 - 04110280 _____ C:\Users\Jorge\Desktop\AdwCleaner.exe
2017-07-08 22:50 - 2017-07-08 22:50 - 22851472 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2017-07-08 22:49 - 2017-07-08 22:50 - 00000000 ____D C:\Program Files\UNP
2017-07-08 22:49 - 2017-07-08 22:49 - 00000000 ____D C:\Windows\system32\UNP
2017-07-08 22:47 - 2017-07-08 23:23 - 65033984 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (2).exe
2017-07-08 16:50 - 2017-07-08 23:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-08 16:49 - 2017-07-08 22:43 - 00000000 ____D C:\Users\Jorge\Desktop\mbar
2017-07-08 16:47 - 2017-07-08 16:48 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Jorge\Downloads\mbar-1.09.4.1001.exe
2017-07-08 16:28 - 2017-07-12 12:46 - 00000000 ____D C:\Users\Jorge\AppData\LocalLow\uTorrent
2017-07-08 00:38 - 2017-07-08 00:38 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jorge\Downloads\iExplore (1).exe
2017-07-07 14:56 - 2017-07-07 15:08 - 193782555 _____ C:\Users\Jorge\Downloads\Kaspersky Internet Security 2017 Lifetime [New].rar
2017-07-07 14:35 - 2017-07-07 14:36 - 06654960 _____ (AVAST Software) C:\Users\Jorge\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-07-07 00:23 - 2017-07-07 00:23 - 00000000 ____D C:\Users\Jorge\Desktop\yeet
2017-07-07 00:17 - 2017-07-07 00:17 - 00042968 _____ C:\Users\Jorge\Downloads\Addition.txt
2017-07-07 00:16 - 2017-07-07 00:17 - 00065196 _____ C:\Users\Jorge\Downloads\FRST.txt
2017-07-07 00:15 - 2017-07-07 00:21 - 02436608 _____ (Farbar) C:\Users\Jorge\Downloads\FRST64 (1).exe
2017-07-05 14:35 - 2017-07-05 14:35 - 00912452 _____ C:\Users\Jorge\Downloads\rkill.zip
2017-07-05 14:34 - 2017-07-05 14:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jorge\Downloads\iExplore.exe
2017-07-05 14:33 - 2017-07-05 14:33 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jorge\Desktop\.exe.com
2017-07-04 23:08 - 2017-07-04 23:08 - 00000761 _____ C:\Users\Jorge\Downloads\Documents - Shortcut.lnk
2017-07-04 23:05 - 2017-07-04 23:07 - 65033984 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-02 13:25 - 2017-07-02 13:30 - 00000000 ____D C:\Users\Jorge\Desktop\Firered 802
2017-07-02 13:25 - 2017-07-02 13:25 - 26474926 _____ C:\Users\Jorge\Downloads\Versiòn5hasta zygarde formas adicionales (1).rar
2017-07-01 20:38 - 2017-07-01 20:38 - 00047818 _____ C:\Users\Jorge\Downloads\skymod_afterbirth_1.2.zip
2017-07-01 16:01 - 2017-07-01 16:04 - 00000000 ____D C:\Users\Jorge\Desktop\TBOH Afterbirth
2017-07-01 15:58 - 2017-07-01 15:58 - 916172707 _____ C:\Users\Jorge\Downloads\The.Binding.of.Isaac.Afterbirth.Plus.Update.1.rar
2017-07-01 15:45 - 2017-07-01 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Binding of Isaac - Afterbirth Plus
2017-07-01 15:45 - 2017-07-01 15:45 - 00000000 ____D C:\Program Files (x86)\Nicalis Inc
2017-07-01 15:24 - 2017-07-01 15:24 - 905063844 _____ C:\Users\Jorge\Downloads\TheBindinofIsaacAfterbirPlus.rar
2017-07-01 13:18 - 2017-07-01 13:18 - 684656725 _____ C:\Users\Jorge\Downloads\MGA (New) - (v1.2.2).rar
2017-07-01 13:13 - 2017-07-01 13:26 - 531680271 _____ C:\Users\Jorge\Downloads\Pokemon Wack Version HALLOWEEN.rar
2017-07-01 00:45 - 2017-07-01 00:46 - 65033984 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-06-29 19:31 - 2017-06-21 03:07 - 00179320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-06-29 19:31 - 2017-06-21 03:07 - 00146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-06-28 10:56 - 2017-04-21 17:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-06-28 10:56 - 2017-04-21 17:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-06-28 10:56 - 2017-04-21 17:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-06-28 10:56 - 2017-04-21 17:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-06-28 10:56 - 2017-04-11 14:27 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-06-28 10:56 - 2017-04-11 14:27 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-06-28 10:56 - 2017-03-15 14:15 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-06-28 10:56 - 2017-03-15 14:15 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-06-28 00:35 - 2017-06-28 00:35 - 00000644 _____ C:\Users\Jorge\Downloads\Turn_On_Windows_Defender_Antivirus.reg
2017-06-28 00:07 - 2017-06-28 00:26 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-28 00:07 - 2017-06-28 00:07 - 00000000 ____D C:\Windows\pss
2017-06-28 00:00 - 2017-06-28 00:00 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-06-28 00:00 - 2017-06-28 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-28 00:00 - 2017-06-28 00:00 - 00000000 ____D C:\Program Files\CCleaner
2017-06-27 23:59 - 2017-06-28 00:00 - 09598376 _____ (Piriform Ltd) C:\Users\Jorge\Downloads\ccsetup531 (1).exe
2017-06-27 23:56 - 2017-06-28 00:00 - 01564928 _____ (Piriform Ltd) C:\Users\Jorge\Downloads\Unconfirmed 724044.crdownload
2017-06-27 23:43 - 2017-06-27 23:44 - 64232976 _____ (Malwarebytes ) C:\Users\Jorge\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-27 23:41 - 2017-06-27 23:41 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 23:41 - 2017-06-27 23:41 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-27 23:38 - 2017-06-27 23:38 - 01130328 _____ (Google Inc.) C:\Users\Jorge\Downloads\ChromeSetup.exe
2017-06-27 23:38 - 2017-06-27 23:38 - 00000000 ____D C:\Program Files (x86)\GUM8EA7.tmp
2017-06-27 23:30 - 2017-06-27 23:30 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Google
2017-06-27 23:11 - 2017-07-08 22:38 - 00000000 ____D C:\Users\Jorge\AppData\Local\ckbbkz
2017-06-27 23:11 - 2017-06-27 23:11 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\c
2017-06-27 23:11 - 2017-06-27 23:11 - 00000000 ____D C:\Users\Jorge\AppData\Local\rjkweiyc
2017-06-27 22:30 - 2017-06-27 22:30 - 00000000 ____D C:\Program Files\Common Files\VST2
2017-06-27 22:29 - 2017-06-27 23:34 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-06-27 22:29 - 2017-06-27 23:34 - 00000000 ____D C:\Program Files\Image-Line
2017-06-27 22:29 - 2017-06-27 22:29 - 00000000 ____D C:\Users\Jorge\Documents\Image-Line
2017-06-27 22:29 - 2017-06-27 22:29 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Image-Line
2017-06-27 22:29 - 2017-06-27 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-06-27 22:29 - 2017-06-27 22:29 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-06-27 22:27 - 2017-06-27 23:34 - 00000000 ____D C:\Program Files (x86)\Image-Line
2017-06-25 16:21 - 2017-06-25 16:21 - 05628847 _____ C:\Users\Jorge\Downloads\FireSunPKF.zip
2017-06-25 16:19 - 2017-06-25 16:19 - 05355367 _____ C:\Users\Jorge\Downloads\fire-red-mega-edition-v1.01.zip
2017-06-25 16:14 - 2017-06-25 16:14 - 06895167 _____ C:\Users\Jorge\Downloads\firered-800.zip
2017-06-24 13:19 - 2017-06-24 13:19 - 1011899132 _____ C:\Users\Jorge\Downloads\3DS To CIA Converter.rar
2017-06-24 13:13 - 2017-06-24 13:13 - 78015112 _____ C:\Users\Jorge\Downloads\RNDMv1.zip
2017-06-24 07:36 - 2017-06-24 07:36 - 00000000 ____D C:\Python27
2017-06-24 07:36 - 2017-06-24 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-06-24 07:35 - 2017-06-24 07:36 - 16247296 _____ C:\Users\Jorge\Downloads\python-2.7.amd64.msi
2017-06-24 07:35 - 2017-06-24 07:35 - 00182495 _____ C:\Users\Jorge\Downloads\msvcr71.zip
2017-06-24 07:29 - 2017-06-24 13:32 - 00000000 ____D C:\Users\Jorge\Desktop\CIA
2017-06-24 07:28 - 2017-06-24 07:28 - 08058640 _____ C:\Users\Jorge\Downloads\3DS To CIA Converter v4.1.rar
2017-06-24 07:27 - 2017-06-24 07:28 - 1890330880 _____ C:\Users\Jorge\Downloads\RANDOM ORAS.cia
2017-06-22 21:30 - 2017-06-22 21:30 - 00024064 _____ C:\Users\Jorge\Desktop\RomFS Builder.exe
2017-06-22 21:06 - 2017-06-24 07:30 - 00000000 ____D C:\Users\Jorge\Desktop\maybe
2017-06-22 20:53 - 2017-06-22 20:54 - 3211362304 _____ C:\Users\Jorge\Desktop\sun randomized
2017-06-22 20:52 - 2017-06-22 20:52 - 00011187 _____ C:\Users\Jorge\Downloads\RomFS.Builder.Final.Release.zip
2017-06-22 20:41 - 2016-11-10 15:06 - 3220029440 _____ C:\Users\Jorge\Desktop\suny.3ds
2017-06-22 20:40 - 2017-06-22 20:46 - 00000000 ____D C:\Users\Jorge\Desktop\sunnolines
2017-06-22 20:37 - 2017-06-22 20:37 - 01310330 _____ C:\Users\Jorge\Downloads\PackEnglishV9 (1).rar
2017-06-22 20:33 - 2017-06-22 20:33 - 00690194 _____ C:\Users\Jorge\Desktop\Personal Entries.txt
2017-06-22 20:15 - 2017-06-22 20:15 - 00000000 ____D C:\Users\Jorge\Powersaves3DS
2017-06-22 20:15 - 2017-06-22 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2017-06-22 20:15 - 2017-06-22 20:15 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS
2017-06-22 20:14 - 2017-06-22 20:15 - 03180116 _____ C:\Users\Jorge\Downloads\powersaves3ds-software-151.zip
2017-06-22 14:23 - 2017-06-25 21:47 - 00002300 _____ C:\Users\Jorge\Desktop\Citra Edge.lnk
2017-06-21 17:24 - 2017-06-21 17:24 - 00000222 _____ C:\Users\Jorge\Desktop\Call of Duty Black Ops III.url
2017-06-21 10:45 - 2017-06-21 10:45 - 00000377 _____ C:\Users\Jorge\Downloads\error_1498056320210.txt
2017-06-21 10:44 - 2017-06-21 10:44 - 00578440 _____ C:\Users\Jorge\Downloads\UPRandomizer-163.zip
2017-06-21 10:43 - 2017-06-21 10:43 - 00596401 _____ C:\Users\Jorge\Downloads\UPRandomizer-170a-win.zip
2017-06-21 10:43 - 2017-06-21 10:43 - 00004065 _____ C:\Users\Jorge\Downloads\error_1498056213928.txt
2017-06-21 10:42 - 2017-06-21 10:42 - 00496155 _____ C:\Users\Jorge\Downloads\UPRandomizer-161.zip
2017-06-21 10:31 - 2017-06-21 10:31 - 14778118 _____ C:\Users\Jorge\Downloads\Pokemon_Theta_Emerald_EX_Completed_21-2-2017.zip
2017-06-21 10:29 - 2017-06-21 10:29 - 11806253 _____ C:\Users\Jorge\Downloads\Theta Emerald EX 2-27-2017.rar
2017-06-21 00:36 - 2017-06-21 00:36 - 08243145 _____ C:\Users\Jorge\Downloads\Pokemon-Shiny-Gold-Sigma12.8.zip
2017-06-20 23:39 - 2017-06-20 23:39 - 00638068 _____ C:\Users\Jorge\Downloads\UPRandomizer-172-win.zip
2017-06-20 23:37 - 2017-07-02 13:30 - 00000000 ____D C:\Users\Jorge\Desktop\Pokemon 821
2017-06-20 23:37 - 2017-06-20 23:37 - 01380476 _____ (None) C:\Users\Jorge\Downloads\VisualBoyAdvance-1.8.0-511.exe
2017-06-20 23:36 - 2017-06-20 23:36 - 26474926 _____ C:\Users\Jorge\Downloads\Versiòn5hasta zygarde formas adicionales.rar
2017-06-20 23:24 - 2017-06-20 23:24 - 04949953 _____ C:\Users\Jorge\Downloads\abandoned-ruby-completed.zip
2017-06-20 22:01 - 2017-06-20 22:11 - 554955977 _____ C:\Users\Jorge\Downloads\Pokémon Full Moon Version Ep.8.3.1.rar
2017-06-20 21:58 - 2017-06-20 21:58 - 00000000 ____D C:\Users\Jorge\Desktop\backup
2017-06-20 21:58 - 2017-06-20 21:58 - 00000000 ____D C:\Users\Jorge\Desktop\000400000011c400
2017-06-20 21:33 - 2017-06-20 21:57 - 1236251447 _____ C:\Users\Jorge\Downloads\000400000011c400.rar
2017-06-20 21:13 - 2017-06-20 21:29 - 1930887168 _____ C:\Users\Jorge\Downloads\1324 - Pokemon Alpha Sapphire (Europe) (En,Ja,Fr,De,Es,It,Ko) Decrypted.3ds
2017-06-19 10:16 - 2017-06-19 10:16 - 3220029440 _____ C:\Users\Jorge\Desktop\sun no lines
2017-06-19 10:16 - 2017-06-19 10:16 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Mael
2017-06-19 10:13 - 2017-06-19 10:13 - 00872029 _____ C:\Users\Jorge\Downloads\HxDSetupEN.zip
2017-06-19 10:12 - 2017-06-19 10:12 - 00000097 _____ C:\Users\Jorge\Downloads\Pokemon Fix.txt
2017-06-18 22:24 - 2017-06-19 10:16 - 00000000 ____D C:\Users\Jorge\Desktop\poke
2017-06-18 22:23 - 2017-06-25 21:47 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra Development Team
2017-06-18 22:23 - 2017-06-25 21:47 - 00000000 ____D C:\Users\Jorge\AppData\Local\citra
2017-06-18 22:22 - 2017-06-18 22:23 - 27665920 _____ (Citra Development Team) C:\Users\Jorge\Downloads\CitraSetup.exe
2017-06-18 21:58 - 2017-06-18 21:58 - 11776427 _____ C:\Users\Jorge\Downloads\citra-windows-msvc-20170618-d0888f8.zip
2017-06-17 09:37 - 2017-06-17 09:44 - 665522087 _____ C:\Users\Jorge\Downloads\Qora 125.zip
2017-06-16 18:51 - 2017-06-16 18:51 - 00000000 ____D C:\Users\Jorge\Desktop\Alchemist
2017-06-16 18:44 - 2017-06-16 18:50 - 797192231 _____ C:\Users\Jorge\Downloads\Alchemist.rar
2017-06-16 18:44 - 2017-06-16 18:44 - 542823159 _____ C:\Users\Jorge\Downloads\MGA v1.2.1.rar
2017-06-16 18:44 - 2017-05-03 18:32 - 00000000 ____D C:\Users\Jorge\Desktop\MGA v1.2.1
2017-06-16 17:53 - 2017-06-16 18:01 - 1007078353 _____ C:\Users\Jorge\Downloads\XY Animated Sprite Sharpened 125 175b.rar
2017-06-16 17:53 - 2017-06-16 17:54 - 06531055 _____ C:\Users\Jorge\Downloads\Mellys UI Mega Overhaul Updated V1.1.rar
2017-06-16 17:53 - 2017-06-16 17:53 - 00247786 _____ C:\Users\Jorge\Downloads\BW Menu -WIP-.rar
2017-06-16 17:52 - 2017-06-16 17:53 - 122865652 _____ C:\Users\Jorge\Downloads\Pokemon Omicron 1.5.2 Windows.zip
2017-06-13 21:07 - 2017-06-13 21:07 - 11755504 _____ C:\Users\Jorge\Downloads\Ardos.x2m
2017-06-13 20:45 - 2017-06-13 20:45 - 15487662 _____ C:\Users\Jorge\Downloads\Vegito-Black-Mod-x2m-download (1).x2m
2017-06-13 20:45 - 2017-06-13 20:45 - 07744481 _____ C:\Users\Jorge\Downloads\Goku Black Blue By Gecko03J (1).rar
2017-06-13 20:44 - 2017-06-13 20:44 - 06587137 _____ C:\Users\Jorge\Downloads\Vegito-Absalon-Super-Saiyan-5.x2m
2017-06-13 20:31 - 2017-06-13 20:31 - 21715807 _____ C:\Users\Jorge\Downloads\XV2INS (1).rar
2017-06-13 20:31 - 2017-06-13 20:31 - 00602577 _____ C:\Users\Jorge\Downloads\xv2patcher_1.1 (1).rar
2017-06-13 20:07 - 2017-06-13 20:07 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-13 18:31 - 2017-06-13 18:32 - 07744481 _____ C:\Users\Jorge\Downloads\Goku Black Blue By Gecko03J.rar
2017-06-13 18:31 - 2017-06-13 18:31 - 05704823 _____ C:\Users\Jorge\Downloads\SSGSS-Vegito-Whis-Symbol-Gi.x2m
2017-06-13 18:27 - 2017-06-13 18:27 - 14516992 _____ C:\Users\Jorge\Downloads\Adult-Goten-GT-BONUS.rar
2017-06-13 18:25 - 2017-06-13 18:25 - 06863618 _____ C:\Users\Jorge\Downloads\Rycele-Timelines-Hybrid.x2m
2017-06-13 18:25 - 2017-06-13 18:25 - 03476548 _____ C:\Users\Jorge\Downloads\Gast.x2m
2017-06-13 18:24 - 2017-06-13 18:24 - 04706556 _____ C:\Users\Jorge\Downloads\God of distruction Sidra.x2m
2017-06-13 18:23 - 2017-06-13 18:23 - 04677911 _____ C:\Users\Jorge\Downloads\SUPER-BABY-JANEMBA.zip
2017-06-13 18:23 - 2017-06-13 18:23 - 00211702 _____ C:\Users\Jorge\Downloads\Female-Super-Saiyan-4-Gogeta-Transformation-1234Fusion.x2m
2017-06-13 18:19 - 2017-06-13 18:19 - 08525653 _____ C:\Users\Jorge\Downloads\Baby-Goku-Black.x2m
2017-06-13 18:15 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-13 18:15 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-13 18:14 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 18:14 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-13 18:14 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 18:14 - 2017-06-03 06:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-13 18:14 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 18:14 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-13 18:14 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-13 18:14 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-13 18:14 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-13 18:14 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 18:14 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-13 18:14 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-13 18:14 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 18:14 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-13 18:14 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-13 18:14 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-13 18:14 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 18:14 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 18:14 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-13 18:14 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 18:14 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-13 18:14 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-13 18:14 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-13 18:14 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 18:14 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-13 18:14 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-13 18:14 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 18:14 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-13 18:14 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-13 18:14 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-13 18:14 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 18:14 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 18:14 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-13 18:14 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 18:14 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-06-13 18:14 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2017-06-13 18:14 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-06-13 18:14 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 18:14 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 18:14 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 18:14 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-06-13 18:14 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-13 18:14 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-13 18:14 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 18:14 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-13 18:14 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-13 18:09 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 18:09 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 18:09 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 18:09 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 18:09 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 18:08 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-13 18:08 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-13 18:08 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 18:08 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-13 18:08 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-13 18:08 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-13 18:08 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-13 18:08 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-13 18:08 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-13 18:08 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 18:08 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 18:08 - 2017-06-03 06:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-13 18:08 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-13 18:08 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 18:08 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 18:08 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-13 18:08 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-13 18:08 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-13 18:08 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-13 18:08 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-13 18:08 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-13 18:08 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-13 18:08 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 18:08 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-13 18:08 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-13 18:08 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-13 18:08 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-13 18:08 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-13 18:08 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-13 18:08 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-13 18:08 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-13 18:08 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-13 18:08 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-13 18:08 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-13 18:08 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 18:08 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-13 18:08 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 18:08 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-13 18:08 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-13 18:08 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-13 18:08 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-13 18:08 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 18:08 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-13 18:08 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-13 18:08 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-13 18:08 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-13 18:08 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-13 18:08 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 18:08 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-06-13 18:08 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 18:08 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 18:08 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2017-06-13 18:08 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-06-13 18:08 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-06-13 18:08 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 18:08 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-06-13 18:08 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-13 18:08 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-06-13 18:08 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 18:08 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-06-13 18:08 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-06-13 18:08 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 18:08 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 18:08 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 18:08 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-06-13 18:08 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2017-06-13 18:08 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 18:08 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 18:08 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 18:08 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-06-13 18:08 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-06-13 18:08 - 2017-06-03 02:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-13 18:08 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-13 18:08 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-13 18:07 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-13 18:07 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-13 18:07 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-13 18:07 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-13 18:07 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-13 18:07 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-13 18:07 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-13 18:07 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-13 18:07 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-13 18:07 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-13 18:07 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-13 18:07 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-13 18:07 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-13 18:07 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 18:07 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-06-13 17:49 - 2017-06-13 17:49 - 06567064 _____ C:\Users\Jorge\Downloads\Syn Shron.x2m
2017-06-13 17:42 - 2017-06-13 17:42 - 09403317 _____ C:\Users\Jorge\Downloads\Bass.rar
2017-06-12 14:38 - 2017-06-12 14:38 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\XV2INS
2017-06-12 14:32 - 2017-06-12 14:32 - 06018604 _____ C:\Users\Jorge\Downloads\Black-Goku-Villainous-and-ssw-mod.rar
2017-06-12 14:08 - 2017-06-12 14:09 - 08519094 _____ C:\Users\Jorge\Downloads\God-of-Destruction-Goku-Black-SSJ5-Look.zip
2017-06-12 14:07 - 2017-06-12 14:07 - 06721072 _____ C:\Users\Jorge\Downloads\Gogetto-Super-Saiyan-Blue-with-added-skills.x2m
2017-06-12 14:07 - 2017-06-12 14:07 - 04121301 _____ C:\Users\Jorge\Downloads\Fusion-of-the-Body-Snatchers-Baby-Vegetto-Black.x2m
2017-06-12 14:06 - 2017-06-12 14:07 - 15487662 _____ C:\Users\Jorge\Downloads\Vegito-Black-Mod-x2m-download.x2m
2017-06-12 14:05 - 2017-06-12 14:05 - 11815288 _____ C:\Users\Jorge\Downloads\Goku (SSJ1 - 2 - 3 - 4 - SSG - SSB - SSBK - SSBK x10).x2m
2017-06-12 14:04 - 2017-06-12 14:04 - 21385203 _____ C:\Users\Jorge\Downloads\Super-Saiyan-Green-Fusions-Pack.rar
2017-06-12 12:30 - 2017-06-12 12:30 - 03149824 _____ () C:\Users\Jorge\Desktop\pk3DS.exe
2017-06-12 11:44 - 2017-06-12 11:46 - 01310429 _____ C:\Users\Jorge\Downloads\PackEnglishV9.rar
2017-06-12 11:22 - 2017-06-20 21:58 - 00000000 ____D C:\Users\Jorge\AppData\Local\pk3DS
2017-06-12 11:21 - 2017-06-24 13:33 - 00000000 ____D C:\Users\Jorge\Desktop\Sun
2017-06-12 11:20 - 2017-06-12 11:20 - 01404238 _____ C:\Users\Jorge\Downloads\PK3DS.rar
2017-06-12 11:20 - 2017-06-12 11:20 - 01404238 _____ C:\Users\Jorge\Downloads\PK3DS (1).rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 13:58 - 2016-12-09 19:10 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-07-12 13:12 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp
2017-07-12 13:09 - 2017-04-23 22:10 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 13:08 - 2017-04-23 22:10 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 12:52 - 2016-12-09 19:19 - 02559212 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 12:48 - 2017-03-28 11:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-12 12:46 - 2017-05-02 15:39 - 00000000 ____D C:\Users\Jorge\AppData\Local\Spotify
2017-07-12 12:46 - 2017-05-02 15:31 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Spotify
2017-07-12 12:46 - 2017-04-23 21:08 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\uTorrent
2017-07-12 12:46 - 2017-04-23 20:28 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-12 12:45 - 2017-04-25 19:28 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-12 12:45 - 2016-12-09 19:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 12:45 - 2016-07-16 02:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-07-12 12:15 - 2017-04-23 19:44 - 00000000 ____D C:\Users\Jorge
2017-07-11 23:34 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-11 23:34 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness
2017-07-11 20:46 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF
2017-07-10 12:57 - 2017-04-23 19:48 - 00000000 ____D C:\Users\Jorge\AppData\Local\CrashDumps
2017-07-09 22:13 - 2017-04-25 19:29 - 00000000 ____D C:\Users\Jorge\Documents\My Games
2017-07-09 22:07 - 2017-04-23 21:00 - 00000000 ____D C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-09 12:58 - 2017-04-23 19:44 - 00000000 ____D C:\Users\Jorge\AppData\Local\Packages
2017-07-08 23:23 - 2017-05-10 15:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-08 23:23 - 2017-05-10 15:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-08 23:08 - 2016-07-16 07:47 - 00000000 __RSD C:\Windows\Media
2017-07-08 22:49 - 2017-04-30 11:18 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-07-01 13:04 - 2017-05-21 14:36 - 00000000 ____D C:\Users\Jorge\.MemuHyperv
2017-07-01 01:09 - 2017-05-31 21:23 - 00000000 ____D C:\Users\Jorge\Downloads\MEmu Download
2017-06-30 10:46 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-30 10:46 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-29 19:55 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache
2017-06-29 19:31 - 2017-06-01 12:24 - 00004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:13 - 00001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-06-29 19:31 - 2017-03-28 11:09 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:09 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:09 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:09 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:09 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:09 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:09 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 19:31 - 2017-03-28 11:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-29 19:31 - 2017-03-28 11:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-29 19:31 - 2017-03-28 11:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-28 00:00 - 2016-12-02 19:25 - 00000000 ____D C:\Windows\Panther
2017-06-27 23:48 - 2017-04-23 20:20 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-27 23:41 - 2017-04-23 20:20 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-27 23:41 - 2017-04-23 20:20 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-25 21:47 - 2017-04-23 20:22 - 00000000 ____D C:\Users\Jorge\AppData\Local\SquirrelTemp
2017-06-25 16:23 - 2017-06-10 10:35 - 00000000 ____D C:\Users\Jorge\Desktop\Citra
2017-06-22 21:11 - 2017-05-31 23:14 - 00000000 ____D C:\Windows\Minidump
2017-06-21 12:55 - 2017-04-23 19:44 - 00000000 ____D C:\Users\Jorge\AppData\Local\VirtualStore
2017-06-21 03:07 - 2017-03-28 11:09 - 01903224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-06-21 03:07 - 2017-03-28 11:09 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-06-21 03:07 - 2017-03-28 11:09 - 01489528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-06-21 03:07 - 2017-03-28 11:09 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-06-21 03:07 - 2017-03-28 11:09 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-06-21 03:07 - 2017-03-28 11:07 - 00057976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-06-21 03:07 - 2017-03-28 11:07 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-06-20 16:58 - 2017-03-28 11:08 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-06-19 18:20 - 2017-04-23 19:47 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-19 18:20 - 2017-04-23 19:46 - 00002370 _____ C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 18:20 - 2017-04-23 19:46 - 00000000 ___RD C:\Users\Jorge\OneDrive
2017-06-13 21:40 - 2017-05-30 23:18 - 00000000 ____D C:\Users\Jorge\Desktop\Saves
2017-06-13 20:26 - 2016-12-09 19:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 20:08 - 2016-12-09 19:10 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-13 20:07 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-13 20:07 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-13 20:07 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\ShellExperiences
 
==================== Files in the root of some directories =======
 
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Jorge\AppData\Local\report
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\1F070CDE.sys
C:\Windows\System32\Drivers\20E924DE.sys
C:\Windows\System32\Drivers\2B480CA3.sys
C:\Windows\System32\Drivers\339C06E2.sys
C:\Windows\System32\Drivers\49030CE1.sys
C:\Windows\System32\Drivers\4D82073F.sys
C:\Windows\System32\Drivers\55440CA7.sys
C:\Windows\System32\Drivers\5D9906E6.sys
C:\Windows\System32\Drivers\600C6D50.sys
C:\Windows\System32\Drivers\76ED24DA.sys
C:\Windows\System32\Drivers\777E0742.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-11 21:25
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by Jorge (12-07-2017 14:07:23)
Running from C:\Users\Jorge\Desktop
Windows 10 Home Version 1607 (X64) (2017-04-23 23:42:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2446080125-493515187-2031211118-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2446080125-493515187-2031211118-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2446080125-493515187-2031211118-1001 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2446080125-493515187-2031211118-501 - Limited - Disabled)
Jorge (S-1-5-21-2446080125-493515187-2031211118-1002 - Administrator - Enabled) => C:\Users\Jorge
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Action Replay PowerSaves 3DS version 1.51 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.51 - Datel Design & Development)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.78 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands The Pre-Sequel (HKLM-x32\...\Borderlands The Pre-Sequel_is1) (Version:  - )
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version:  - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Citra Edge (HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\citra) (Version: 0.1.394 - Citra Development Team)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DC Universe Online Live (HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\DG0-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Discord (HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DRAGON BALL XENOVERSE 2 (HKLM-x32\...\DRAGON BALL XENOVERSE 2_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7B11A2EA-168E-442A-809E-5F8908A7504F}) (Version: 19.50.1 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Keysticks (HKLM-x32\...\{0CA309CD-E575-4066-9DB5-EDCB331F32EF}) (Version: 1.9 - Keysticks.net)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marvel Heroes Game (HKLM-x32\...\{f8f040bd-5ced-4167-a116-592fce1698f4}_is1) (Version: 1.0 - Gazillion Entertainment)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEmu (HKLM-x32\...\MEmu) (Version: 3.0.7.0 - Microvirt Software Technology Co. Ltd.)
Microsoft OneDrive (HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Python 2.7 (64-bit) (HKLM\...\{20c31435-2a0a-4580-be8b-ac06fc243ca5}) (Version: 2.7.150 - Python Software Foundation)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SPORE™ Collection (HKLM-x32\...\1948823323_is1) (Version: 2.0.0.5 - GOG.com)
Spotify (HKU\S-1-5-21-2446080125-493515187-2031211118-1002\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac - Afterbirth Plus version 1.0 (HKLM-x32\...\The Binding of Isaac - Afterbirth Plus_is1) (Version: 1.0 - Nicalis Inc)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers01: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt64.dll [2014-09-01] (BreakPoint Software, Inc.)
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt64.dll [2014-09-01] (BreakPoint Software, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-23] (NVIDIA Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13DF51A1-39CD-4443-8A3F-C7C650EFB424} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2B33F03D-0B57-4E9C-BC84-919473FC4A82} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {3C77CDD2-40C0-40C8-8296-8363FFF67687} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {52BA152D-3A3C-4829-A342-4E196955E2B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {59628744-B7E9-4BDD-B46A-AEDFD25BB730} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {59FF40A1-C10D-44E9-A450-1EDEA22D1024} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {68D3E247-DAC9-4CD9-8608-47F5D4560AF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {6A37EBE6-C7A5-4914-A034-170C8AB656BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {8390A5EE-8C1E-4AD9-9FF5-31BAB7EE3AF2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {938D0523-21FA-454C-B4A3-C8562E2B0175} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {9B4E7C3F-6914-4C48-BCA8-B26788126443} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {9DEFF0C3-BE96-4650-862F-03BD7C2FD82C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {D5655995-470B-4EA5-9537-C529E99C9215} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {DD6ECFC6-425C-4555-8402-1437445399F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {EF16751F-673C-4B19-A488-E22C18395EC9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {F41AAA43-B408-4B83-9D01-6FACB87A330D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-06-13 18:08 - 2017-06-03 06:01 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-23 22:08 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-23 22:08 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-23 22:08 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 18:07 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 18:07 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 18:07 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-21 10:21 - 2017-06-21 10:21 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 10:21 - 2017-06-21 10:21 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 10:21 - 2017-06-21 10:21 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 10:21 - 2017-06-21 10:21 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-09 19:19 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-23 22:08 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-28 11:09 - 2017-06-21 03:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-27 23:41 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 23:41 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-03-28 11:09 - 2017-06-21 03:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2017-05-13 12:17 - 00000828 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1812DF71-55D0-4C23-8A0C-E87E0AEBDF9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{34DEFCC4-5916-4904-9245-3DA8DC037EA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20397575-AD9B-4252-8E87-49D09BF83B4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{283CF850-D95A-4F24-A530-37C53D6049AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B036AED9-E964-4F8D-8E7D-AFC75D01CB68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BCD72F3C-A980-492A-B4A5-8F9663AE4E94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EFFCBBE1-152E-42E2-81DC-4F9D7F4B8780}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{493E76E7-BCE2-4646-8A59-62ACFE9105E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A1105B1C-46DA-44BB-803C-06D2579A863B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B799D0AA-A0D7-4009-8B99-FC9BE2A9E99F}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BAF4F38-FCC1-4E30-8E46-EE0A42CEC111}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6AE02861-2A43-44F0-AD49-EDACCC13B8FC}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E5A281D0-D41A-4AA6-963C-3601CD7E02D7}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{290E9EC0-4FF4-4EDD-BBF9-E237DB33891A}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{86984F5A-8FAA-4457-9A76-F5490FC85E1C}] => (Allow) C:\Users\Jorge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0348FA95-58FD-438A-A5A5-8FCDE94CE1D4}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BD04AEC4-59FD-4CF1-879A-CEA367D349DD}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{8F95932B-4ABE-4DA9-8F56-0AE5DFA38ABC}D:\borderlands\bolanborderlan22d2gotyv1.8.4inclualldlc\igg-borderland2gotyv1.8.4inclualldlc\binaries\win32\borderlands2.exe] => (Allow) D:\borderlands\bolanborderlan22d2gotyv1.8.4inclualldlc\igg-borderland2gotyv1.8.4inclualldlc\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{A3F9A43E-4C6A-4C96-A266-A14B0D295815}D:\borderlands\bolanborderlan22d2gotyv1.8.4inclualldlc\igg-borderland2gotyv1.8.4inclualldlc\binaries\win32\borderlands2.exe] => (Allow) D:\borderlands\bolanborderlan22d2gotyv1.8.4inclualldlc\igg-borderland2gotyv1.8.4inclualldlc\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{991DA33A-8DB6-40EA-889D-39C6D1111677}C:\users\jorge\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jorge\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{41547B4B-F4EA-467D-82A7-FEF82BA1C433}C:\users\jorge\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jorge\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8BF54230-1C94-4427-B79B-67F99BE904A9}D:\games\call of duty world at war\codwawmp.exe] => (Allow) D:\games\call of duty world at war\codwawmp.exe
FirewallRules: [UDP Query User{BCF417F1-F85E-4C37-994D-40027D5FEB78}D:\games\call of duty world at war\codwawmp.exe] => (Allow) D:\games\call of duty world at war\codwawmp.exe
FirewallRules: [TCP Query User{E59FA80F-7DA9-491D-8775-D12C7FBF5210}D:\games\call of duty world at war\codwaw lanfixed.exe] => (Allow) D:\games\call of duty world at war\codwaw lanfixed.exe
FirewallRules: [UDP Query User{71CB6807-981E-4D3B-9C28-93A33B0C9FC7}D:\games\call of duty world at war\codwaw lanfixed.exe] => (Allow) D:\games\call of duty world at war\codwaw lanfixed.exe
FirewallRules: [{2100CF6C-9192-47FD-88E7-3FD8207361DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{028302ED-3AE0-4E2E-945F-7AE5DD656D92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D041C1B3-271C-40EC-9D84-C4DC15A4DCEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50134CE0-7C68-44BF-88C2-0DE3F590A5EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CC62E3B2-689B-4F13-BB49-72848B1BD672}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DC56A23F-E019-4382-B74D-4A955E6B583F}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{F05D8181-4AA1-4F6B-92E9-12CC3E992A61}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{41811205-129A-4EA9-967D-A3C3070CF415}C:\users\jorge\appdata\local\temp\rar$exa0.463\superhot.vr.v1.0.1\superhotvr.exe] => (Allow) C:\users\jorge\appdata\local\temp\rar$exa0.463\superhot.vr.v1.0.1\superhotvr.exe
FirewallRules: [UDP Query User{444E889D-391A-4832-9C87-1469E3B55E60}C:\users\jorge\appdata\local\temp\rar$exa0.463\superhot.vr.v1.0.1\superhotvr.exe] => (Allow) C:\users\jorge\appdata\local\temp\rar$exa0.463\superhot.vr.v1.0.1\superhotvr.exe
FirewallRules: [TCP Query User{F0154B36-BCCC-48E7-8414-03E8C5D68F68}D:\games\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => (Allow) D:\games\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe
FirewallRules: [UDP Query User{D6EBD57C-EBC9-4B76-97FF-AA818FC79661}D:\games\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => (Allow) D:\games\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe
FirewallRules: [TCP Query User{DFBF60F6-8C5A-4A21-A9F0-593B0D7FF65F}D:\games\borderlands pre\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\games\borderlands pre\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{182A00E7-BAA9-4CE5-A574-ADDAFA02ED90}D:\games\borderlands pre\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\games\borderlands pre\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{8ADCE37E-2E4A-40AE-8C69-056585173637}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{4D7B2834-0FB0-4111-A723-9DFB6AA26F47}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{FE5092D2-405C-4575-AD19-AE42C46A1DE2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{75636058-82C1-43F8-8DA6-4E92F4B9FC49}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{218B4906-AB36-4D8A-992A-431B253ED429}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{7CE914B5-15C5-4369-8BA1-545E349308DB}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{B2ACAEA2-738C-4CFA-ABF5-10F34808F471}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{BF5EBCE9-5CFA-49AB-8ACB-668E2BE24970}C:\users\jorge\appdata\local\temp\rar$exa0.042\broforce.update.07.06.2017\broforce_beta.exe] => (Allow) C:\users\jorge\appdata\local\temp\rar$exa0.042\broforce.update.07.06.2017\broforce_beta.exe
FirewallRules: [UDP Query User{3D6F6E58-2D6C-4619-BAA9-AF4CD69F1C23}C:\users\jorge\appdata\local\temp\rar$exa0.042\broforce.update.07.06.2017\broforce_beta.exe] => (Allow) C:\users\jorge\appdata\local\temp\rar$exa0.042\broforce.update.07.06.2017\broforce_beta.exe
FirewallRules: [TCP Query User{05012118-2CE8-4A66-86AC-59FAF2D5EE79}C:\users\jorge\appdata\local\temp\rar$exa0.094\broforce.update.07.06.2017\broforce_beta.exe] => (Allow) C:\users\jorge\appdata\local\temp\rar$exa0.094\broforce.update.07.06.2017\broforce_beta.exe
FirewallRules: [UDP Query User{9C375FAE-7CA4-458C-9BEA-61F3C100A7ED}C:\users\jorge\appdata\local\temp\rar$exa0.094\broforce.update.07.06.2017\broforce_beta.exe] => (Allow) C:\users\jorge\appdata\local\temp\rar$exa0.094\broforce.update.07.06.2017\broforce_beta.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2017 12:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 12:46:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (07/12/2017 12:46:32 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (07/12/2017 12:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 12:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 12:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 12:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 12:16:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 12:16:03 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (07/12/2017 12:16:03 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (07/12/2017 12:47:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/12/2017 12:47:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2017 12:47:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (07/12/2017 12:46:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2017 12:46:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2017 12:45:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2017 12:45:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/12/2017 12:45:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/12/2017 12:45:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/12/2017 12:45:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-12 14:07:17.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 14:07:17.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 14:05:08.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 14:05:08.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 14:04:29.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 14:04:29.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-10 12:40:01.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-10 12:40:01.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 23:17:32.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 23:17:32.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 20%
Total physical RAM: 16316.02 MB
Available physical RAM: 12942.35 MB
Total Virtual: 18748.02 MB
Available Virtual: 15364.39 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:118.92 GB) (Free:3.44 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:372.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 20D53566)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#13 Aura

Posted 12 July 2017 - 01:53 PM

Almost done :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Hernandez_jorge

Posted 12 July 2017 - 09:15 PM

Sorry, I was at work.

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by Jorge (12-07-2017 15:02:33) Run:1
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge (Available Profiles: defaultuser0 & Jorge)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
 
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mce_mceydef_15_18&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmceyahoo%26cd%3D2XzuyEtN2Y1L1QzuyC0Dzy0AyBzyyCtBtGtDyE0FtAtGyD0EyBtAtG0AyCyEyBtGyBtB0DyC0Fzz0EzztC0F0B0CtN1L1G1B1V1N2Y1L1Qzu2StD0E0ByC0CtAtAtBtG0F0AyCzytGyE0F0B0AtGzytCyBzztGtAtB0A0ByCyE0FtA0C0A0CtC2QtN1Q2Zzu0StCtBtCyCtN1L2XzutAtFyDtFtDtFtByBtN1L1Czu%26cr%3D994707312%26a%3Dmce_mceydef_15_18
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mce_mceydef_15_18&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmceyahoo%26cd%3D2XzuyEtN2Y1L1QzuyC0Dzy0AyBzyyCtBtGtDyE0FtAtGyD0EyBtAtG0AyCyEyBtGyBtB0DyC0Fzz0EzztC0F0B0CtN1L1G1B1V1N2Y1L1Qzu2StD0E0ByC0CtAtAtBtG0F0AyCzytGyE0F0B0AtGzytCyBzztGtAtB0A0ByCyE0FtA0C0A0CtC2QtN1Q2Zzu0StCtBtCyCtN1L2XzutAtFyDtFtDtFtByBtN1L1Czu%26cr%3D994707312%26a%3Dmce_mceydef_15_18"
CHR NewTab: Default ->  Not-active:"chrome-extension://kglfgongebbmofodepapholflcjcjncf/index.html"
CHR DefaultSearchURL: Default -> hxxp://feed.combo-search.com?st=ds&q={searchTerms}&publisher=combosearch&barcodeid=516940000000000
CHR DefaultSearchKeyword: Default -> Combo Search
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jorge\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
 
HKU\S-1-5-21-2446080125-493515187-2031211118-1002\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
C:\Program Files (x86)\GUM8EA7.tmp
C:\Users\Jorge\AppData\Local\rjkweiyc
C:\Users\Jorge\AppData\Local\ckbbkz
C:\Users\Jorge\AppData\Local\report
C:\Users\Jorge\AppData\Roaming\c
C:\Windows\System32\Drivers\1F070CDE.sys
C:\Windows\System32\Drivers\20E924DE.sys
C:\Windows\System32\Drivers\2B480CA3.sys
C:\Windows\System32\Drivers\339C06E2.sys
C:\Windows\System32\Drivers\49030CE1.sys
C:\Windows\System32\Drivers\4D82073F.sys
C:\Windows\System32\Drivers\55440CA7.sys
C:\Windows\System32\Drivers\5D9906E6.sys
C:\Windows\System32\Drivers\600C6D50.sys
C:\Windows\System32\Drivers\76ED24DA.sys
C:\Windows\System32\Drivers\777E0742.sys
 
EmptyTemp:


#15 Aura

Posted 13 July 2017 - 07:26 AM

Is that the whole fixlog.txt? This log contains only half of the information it should have. Can you attach it here?
