AdwCleaner scan results

Renzore101

Hello again CF,

Here we go again, so I figured I would post this thread just to play it safe. I ran the scans today per the sticky; Malwarebytes and JRT found nothing, however AdwCleaner did come back with a file, folder, and registry key. The OTL log file is a ton of information, and as I look through it I get confused. Hopefully nothing malicious.

AdwCleaner log:

# AdwCleaner v6.030 - Logfile created 18/11/2016 at 21:13:00
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-18.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : renzo - DESKTOP-QP5U5KC
# Running from : C:\Users\renzo\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\renzo\ScreenShot


***** [ Files ] *****

[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2003 Bytes] - [11/11/2016 16:19:24]
C:\AdwCleaner\AdwCleaner[C2].txt - [1012 Bytes] - [18/11/2016 21:13:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [2016 Bytes] - [11/11/2016 16:18:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1368 Bytes] - [18/11/2016 21:10:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1231 Bytes] ##########

Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by renzo (Administrator) on Sat 11/19/2016 at 1:30:46.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/19/2016 at 1:36:57.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/18/2016
Scan Time: 8:53 PM
Logfile: MBAM Log11-18-16-8-53-PM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.19.01
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: renzo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298780
Time Elapsed: 3 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

OTL log:

OTL logfile created on: 11/19/2016 1:53:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\renzo\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.82 Gb Available Physical Memory | 86.66% Memory free
18.32 Gb Paging File | 15.96 Gb Available in Paging File | 87.10% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.44 Gb Total Space | 93.37 Gb Free Space | 43.34% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 58.21 Gb Free Space | 24.99% Space Free | Partition Type: NTFS
Drive F: | 419.18 Gb Total Space | 66.84 Gb Free Space | 15.95% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-QP5U5KC | User Name: renzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\renzo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\bin\rubyw.exe (http://www.ruby-lang.org/)
PRC - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\bin\rubyw.exe (http://www.ruby-lang.org/)
PRC - C:\Users\renzo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Electronic Arts)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Node.js)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe (The NWJS Community)
PRC - C:\Program Files\pia_manager\pia_manager.exe ()
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe (Check Point Software Technologies Ltd.)
PRC - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\bin\libffi-6.dll ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\src\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\bin\zlib1.dll ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr70CB.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\bin\libffi-6.dll ()
MOD - C:\Users\renzo\AppData\Local\Temp\ocr4872.tmp\src\rgloader\rgloader193.mswin.so ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\NvContainer\poco.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node ()
MOD - \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node ()
MOD - C:\Program Files\pia_manager\pia_manager.exe ()
MOD - C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll ()
MOD - C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NVDisplay.ContainerLocalSystem) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
SRV:64bit: - (DbxSvc) -- C:\Windows\SysNative\DbxSvc.exe (Dropbox, Inc.)
SRV:64bit: - (wisvc) -- C:\Windows\SysNative\FlightSettings.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (FrameServer) -- C:\Windows\SysNative\FrameServer.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (NvContainerNetworkService) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
SRV:64bit: - (NvContainerLocalSystem) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
SRV:64bit: - (NVIDIA Wireless Controller Service) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (NVIDIA Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (Sense) -- C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (RmSvc) -- C:\Windows\SysNative\RMapi.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppVClient) -- C:\Windows\SysNative\AppVClient.exe (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Disc Soft Lite Bus Service) -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Disc Soft Ltd)
SRV:64bit: - (LogiRegistryService) -- C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Logitech Inc.)
SRV:64bit: - (UevAgentService) -- C:\Windows\SysNative\AgentService.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (shpamsvc) -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DcpSvc) -- C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (WpnUserService_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc_5396d) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (tiledatamodelsvc) -- C:\Windows\SysNative\tileobjserver.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (TimeBrokerSvc) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (HvHost) -- C:\Windows\SysNative\hvhostsvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (panda_url_filtering) -- C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Visicom Media Inc.)
SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (OverwolfUpdater) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf LTD)
SRV - (dbupdatem) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (dbupdate) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (Origin Web Helper Service) -- C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Electronic Arts)
SRV - (Origin Client Service) -- C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd.)
SRV - (ZoneAlarm ICM Service) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe (Check Point Software Technologies Ltd.)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (PSUAService) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.)
SRV - (PandaAgent) -- C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (nvlddmkm) -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispi.inf_amd64_410e5247be0e5f00\nvlddmkm.sys (NVIDIA Corporation)
DRV:64bit: - (dtliteusbbus) -- C:\Windows\SysNative\drivers\dtliteusbbus.sys (Disc Soft Ltd)
DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HWiNFO32) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS (REALiX(tm))
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (AppvStrm) -- C:\Windows\SysNative\drivers\AppVStrm.sys (Microsoft Corporation)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (LGJoyXlCore) -- C:\Windows\SysNative\drivers\LGJoyXlCore.sys (Logitech Inc.)
DRV:64bit: - (LGJoyHidFilter) -- C:\Windows\SysNative\drivers\LGJoyHidFilter.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies Ltd.)
DRV:64bit: - (PSKMAD) -- C:\Windows\SysNative\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV:64bit: - (PSINReg) -- C:\Windows\SysNative\drivers\PSINReg.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (MsSecFlt) -- C:\Windows\SysNative\drivers\mssecflt.sys (Microsoft Corporation)
DRV:64bit: - (UevAgentDriver) -- C:\Windows\SysNative\drivers\UevAgentDriver.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (AppvVemgr) -- C:\Windows\SysNative\drivers\AppvVemgr.sys (Microsoft Corporation)
DRV:64bit: - (AppvVfs) -- C:\Windows\SysNative\drivers\AppvVfs.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\WINDOWS\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (clreg) -- C:\Windows\SysNative\drivers\registry.sys (Microsoft Corporation)
DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys ()
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbflt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
DRV:64bit: - (dc1-controller) -- C:\Windows\SysNative\drivers\dc1-controller.sys (Microsoft Corp.)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (scmdisk0101) -- C:\Windows\SysNative\drivers\scmdisk0101.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (bcmfn) -- C:\Windows\SysNative\drivers\bcmfn.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
DRV:64bit: - (NNSPIHSW) -- C:\Windows\SysNative\drivers\nnspihsw.sys (Panda Security, S.L.)
DRV:64bit: - (NNSSTRM) -- C:\Windows\SysNative\drivers\nnsstrm.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPRV) -- C:\Windows\SysNative\drivers\nnsprv.sys (Panda Security, S.L.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys (Intel Corporation)
DRV:64bit: - (NNSTLSC) -- C:\Windows\SysNative\drivers\nnstlsc.sys (Panda Security, S.L.)
DRV:64bit: - (NNSSMTP) -- C:\Windows\SysNative\drivers\nnssmtp.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPROT) -- C:\Windows\SysNative\drivers\nnsprot.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPOP3) -- C:\Windows\SysNative\drivers\nnspop3.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPICC) -- C:\Windows\SysNative\drivers\nnspicc.sys (Panda Security, S.L.)
DRV:64bit: - (NNSIDS) -- C:\Windows\SysNative\drivers\nnsids.sys (Panda Security, S.L.)
DRV:64bit: - (NNSHTTPS) -- C:\Windows\SysNative\drivers\nnshttps.sys (Panda Security, S.L.)
DRV:64bit: - (NNSHTTP) -- C:\Windows\SysNative\drivers\nnshttp.sys (Panda Security, S.L.)
DRV:64bit: - (NNSALPC) -- C:\Windows\SysNative\drivers\nnsalpc.sys (Panda Security, S.L.)
DRV:64bit: - (LGCoreTemp) -- C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys (Logitech)
DRV:64bit: - (NNSNAHSL) -- C:\Windows\SysNative\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (INETMON) -- C:\Windows\SysNative\drivers\INETMON.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (panda_url_filteringd) -- C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringd.sys (Visicom Media Inc.)
DRV:64bit: - (e1dexpress) -- C:\Windows\SysNative\drivers\e1d64x64.sys (Intel Corporation)
DRV:64bit: - (asstor64) -- C:\Windows\SysNative\drivers\asstor64.sys (Asmedia Technology)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (AsrDrv101) -- C:\Windows\SysWOW64\drivers\AsrDrv101.sys (ASRock Incorporation)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_410e5247be0e5f00\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CompositeBus) -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 83 9A 20 36 54 3C D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 48 00 00 00 1C E3 1D 5E 07 11 00 0F 4C C5 28 FA 0E 19 D5 6B C3 CE B9 FF 8C 8E E8 B7 79 5F B8 B4 13 81 D7 34 0A A4 E7 C7 B8 FF 42 F7 90 13 AE 36 F4 9D BC D7 5F C6 4E FF FB 23 F5 8C 67 F9 A2 43 32 28 57 08 91 25 C2 19 8E B8 C9 9F 02 00 00 00 0E 00 00 00 72 68 34 59 42 33 52 67 42 32 41 25 33 64 [Binary data over 200 bytes]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.85.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.5.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\renzo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/10/14 18:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\Extensions
[2016/11/02 18:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\Firefox\Profiles\i8ygbgna.default\extensions
[2016/10/14 18:36:35 | 000,000,000 | ---D | M] (All Aboard) -- C:\Users\renzo\AppData\Roaming\mozilla\Firefox\Profiles\i8ygbgna.default\extensions\@all-aboard-v1-2
[2016/10/29 12:11:50 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\renzo\AppData\Roaming\mozilla\Firefox\Profiles\i8ygbgna.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2016/10/14 18:38:00 | 009,296,122 | ---- | M] () (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\firefox\profiles\i8ygbgna.default\extensions\[email protected]
[2016/10/22 21:02:00 | 000,890,817 | ---- | M] () (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\firefox\profiles\i8ygbgna.default\extensions\[email protected]
[2016/10/15 13:15:38 | 000,106,840 | ---- | M] () (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\firefox\profiles\i8ygbgna.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2016/11/02 18:48:45 | 000,879,779 | ---- | M] () (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\firefox\profiles\i8ygbgna.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2016/11/02 12:15:45 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\renzo\AppData\Roaming\mozilla\firefox\profiles\i8ygbgna.default\features\{e3a78e82-2afe-4557-a7af-45b7599adf61}\[email protected]
[2016/10/22 12:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/10/22 12:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2016/10/22 12:04:40 | 000,000,000 | ---D | M] (All Aboard) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\@all-aboard-v1-2

========== Chrome ==========

CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok\2.0.43_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
CHR - Extension: No name found = C:\Users\renzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.46_0\

O1 HOSTS File: ([2015/10/30 02:21:30 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Panda Safe Web) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Panda Safe Web) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll File not found
O4:64bit: - HKLM..\Run: [CNAP3 Launcher] C:\Windows\SysNative\spool\drivers\x64\3\CNAP3LAK.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISCT Tray] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite Automount] C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [OneDrive] C:\Users\renzo\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\renzo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\renzo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\renzo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\RunOnce: [Application Restart #0] C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe (The NWJS Community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.222.18.222 209.222.18.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19b9c11a-230f-45b4-a353-86634631cb2c}: DhcpNameServer = 209.222.18.222 209.222.18.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8aa2a6aa-9313-4571-81ea-ea5bdc057ffa}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/11/19 01:20:54 | 000,022,280 | ---- | C] (ASRock Incorporation) -- C:\WINDOWS\SysWow64\drivers\AsrDrv101.sys
[2016/11/19 01:14:01 | 000,042,624 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\SysNative\drivers\PsBoot.sys
[2016/11/18 23:31:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2016/11/18 23:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2016/11/18 23:31:09 | 003,262,184 | ---- | C] (Yamaha Corporation) -- C:\WINDOWS\SysNative\YamahaAE2.dll
[2016/11/18 23:31:09 | 002,162,992 | ---- | C] (Yamaha Corporation) -- C:\WINDOWS\SysNative\YamahaAE.dll
[2016/11/18 23:31:09 | 002,101,848 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\WavesGUILib64.dll
[2016/11/18 23:31:09 | 001,413,776 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRRPTR64.dll
[2016/11/18 23:31:09 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSX64.dll
[2016/11/18 23:31:09 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSH64.dll
[2016/11/18 23:31:09 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSHP64.dll
[2016/11/18 23:31:09 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSWOW64.dll
[2016/11/18 23:31:08 | 001,104,040 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\slcnt64.dll
[2016/11/18 23:31:08 | 000,943,784 | ---- | C] (DTS, Inc.) -- C:\WINDOWS\SysNative\sl3apo64.dll
[2016/11/18 23:31:08 | 000,858,256 | ---- | C] (Sound Research, Corp.) -- C:\WINDOWS\SysNative\SEHDRA64.dll
[2016/11/18 23:31:08 | 000,734,376 | ---- | C] (DTS, Inc.) -- C:\WINDOWS\SysNative\sltech64.dll
[2016/11/18 23:31:08 | 000,684,176 | ---- | C] (Sound Research, Corp.) -- C:\WINDOWS\SysNative\SECOMN64.dll
[2016/11/18 23:31:08 | 000,555,664 | ---- | C] (Sound Research, Corp.) -- C:\WINDOWS\SysWow64\SECOMN32.DLL
[2016/11/18 23:31:08 | 000,454,288 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRAPO64.dll
[2016/11/18 23:31:08 | 000,435,856 | ---- | C] (Sound Research, Corp.) -- C:\WINDOWS\SysNative\SEAPO64.dll
[2016/11/18 23:31:08 | 000,369,296 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRCOM64.dll
[2016/11/18 23:31:08 | 000,329,360 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysWow64\SRCOM.dll
[2016/11/18 23:31:08 | 000,329,360 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SRCOM.dll
[2016/11/18 23:31:08 | 000,250,536 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\SysNative\slprp64.dll
[2016/11/18 23:31:08 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SFNHK64.dll
[2016/11/18 23:31:08 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SFCOM64.dll
[2016/11/18 23:31:08 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\WINDOWS\SysNative\SFAPO64.dll
[2016/11/18 23:31:08 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\WINDOWS\SysWow64\SFCOM.dll
[2016/11/18 23:31:07 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEP64A.dll
[2016/11/18 23:31:07 | 005,714,880 | ---- | C] (Nahimic Inc) -- C:\WINDOWS\SysNative\NAHIMICV2apo.dll
[2016/11/18 23:31:07 | 000,995,120 | ---- | C] (Nahimic Inc) -- C:\WINDOWS\SysNative\NahimicAPONSControl.dll
[2016/11/18 23:31:07 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EED64A.dll
[2016/11/18 23:31:07 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEP64A.dll
[2016/11/18 23:31:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DHT64.dll
[2016/11/18 23:31:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DAA64.dll
[2016/11/18 23:31:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEED64A.dll
[2016/11/18 23:31:07 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEL64A.dll
[2016/11/18 23:31:07 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEA64A.dll
[2016/11/18 23:31:07 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEL64A.dll
[2016/11/18 23:31:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEG64A.dll
[2016/11/18 23:31:07 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\R4EEG64A.dll
[2016/11/18 23:31:06 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioRealtek64.dll
[2016/11/18 23:31:06 | 012,996,528 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxVoiceAPO3064.dll
[2016/11/18 23:31:06 | 012,834,736 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxVoiceAPO4064.dll
[2016/11/18 23:31:06 | 005,234,952 | ---- | C] (Nahimic Inc) -- C:\WINDOWS\SysNative\NAHIMICAPOlfx.dll
[2016/11/18 23:31:06 | 002,789,808 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO7064.dll
[2016/11/18 23:31:06 | 002,041,432 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioEQ64.dll
[2016/11/18 23:31:06 | 001,374,640 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO6064.dll
[2016/11/18 23:31:06 | 001,313,904 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxSpeechAPO64.dll
[2016/11/18 23:31:06 | 001,192,368 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO5064.dll
[2016/11/18 23:31:06 | 001,145,264 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO4064.dll
[2016/11/18 23:31:06 | 000,980,400 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxVoiceAPO2064.dll
[2016/11/18 23:31:06 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPOShell64.dll
[2016/11/18 23:31:06 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO30.dll
[2016/11/18 23:31:06 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxVolumeSDAPO.dll
[2016/11/18 23:31:06 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\WINDOWS\SysNative\KAAPORT64.dll
[2016/11/18 23:31:06 | 000,349,528 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\HiFiDAX2API.dll
[2016/11/18 23:31:06 | 000,328,816 | ---- | C] (ICEpower a/s) -- C:\WINDOWS\SysNative\ICEsoundAPO64.dll
[2016/11/18 23:31:06 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO20.dll
[2016/11/18 23:31:04 | 003,195,416 | ---- | C] (Fortemedia Corporation) -- C:\WINDOWS\SysNative\FMAPO64.dll
[2016/11/18 23:31:04 | 001,756,264 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSS2SpeakerDLL64.dll
[2016/11/18 23:31:04 | 001,568,360 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSS2HeadphoneDLL64.dll
[2016/11/18 23:31:04 | 000,712,296 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSSymmetryDLL64.dll
[2016/11/18 23:31:04 | 000,693,352 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSVoiceClarityDLL64.dll
[2016/11/18 23:31:04 | 000,501,184 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSU2PLFX64.dll
[2016/11/18 23:31:04 | 000,491,112 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSNeoPCDLL64.dll
[2016/11/18 23:31:04 | 000,487,360 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSU2PGFX64.dll
[2016/11/18 23:31:04 | 000,432,744 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSLimiterDLL64.dll
[2016/11/18 23:31:04 | 000,428,648 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSGainCompensatorDLL64.dll
[2016/11/18 23:31:04 | 000,415,680 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSU2PREC64.dll
[2016/11/18 23:31:04 | 000,242,792 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSLFXAPO64.dll
[2016/11/18 23:31:04 | 000,242,792 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSGFXAPO64.dll
[2016/11/18 23:31:04 | 000,241,768 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSGFXAPONS64.dll
[2016/11/18 23:31:03 | 007,087,448 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPP64A.dll
[2016/11/18 23:31:03 | 006,255,888 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPP64AF3.dll
[2016/11/18 23:31:03 | 002,461,528 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DolbyDAX2APOv211.dll
[2016/11/18 23:31:03 | 002,393,432 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DolbyDAX2APOv201.dll
[2016/11/18 23:31:03 | 001,939,800 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPD64A.dll
[2016/11/18 23:31:03 | 001,933,584 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPD64AF3.dll
[2016/11/18 23:31:03 | 001,486,952 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSBoostDLL64.dll
[2016/11/18 23:31:03 | 000,944,984 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DolbyDAX2APOProp.dll
[2016/11/18 23:31:03 | 000,728,680 | ---- | C] (DTS) -- C:\WINDOWS\SysNative\DTSBassEnhancementDLL64.dll
[2016/11/18 23:31:03 | 000,349,968 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPO64AF3.dll
[2016/11/18 23:31:03 | 000,315,736 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPO64A.dll
[2016/11/18 23:31:03 | 000,298,768 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPA64F3.dll
[2016/11/18 23:31:03 | 000,261,464 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPA64.dll
[2016/11/18 23:31:03 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\WINDOWS\SysNative\CONEQMSAPOGUILibrary.dll
[2016/11/18 23:31:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2016/11/18 22:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DAX2
[2016/11/18 22:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2016/11/18 21:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016/11/18 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/11/18 21:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2016/11/18 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2016/11/18 21:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2016/11/18 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2016/11/18 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Intel_Corporation
[2016/11/18 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[2016/11/18 04:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2016/11/13 22:54:59 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\.mono
[2016/11/13 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2016/11/13 22:54:55 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Colossal Order
[2016/11/13 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Skyrim Special Edition
[2016/11/13 16:20:31 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2016/11/12 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\renzo\Documents\BeamNG.drive
[2016/11/12 17:51:45 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Disc_Soft_Ltd
[2016/11/12 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\vlc
[2016/11/12 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2016/11/12 16:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2016/11/12 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\renzo\Documents\Diablo II
[2016/11/12 00:08:20 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2016/11/12 00:06:36 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2016/11/12 00:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2016/11/12 00:03:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Daemon Tools Images
[2016/11/12 00:03:41 | 000,047,672 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtliteusbbus.sys
[2016/11/12 00:03:37 | 000,030,264 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtlitescsibus.sys
[2016/11/12 00:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2016/11/12 00:03:35 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\DAEMON Tools Lite
[2016/11/12 00:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2016/11/12 00:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2016/11/11 21:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Warrior 2 [GOG.com]
[2016/11/11 21:54:09 | 000,000,000 | ---D | C] -- C:\GOG Games
[2016/11/11 21:27:57 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Battle.net
[2016/11/11 21:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2016/11/11 21:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2016/11/11 21:27:05 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Battle.net
[2016/11/11 17:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2016/11/11 16:18:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/11/11 16:13:34 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/11/11 16:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/11/11 16:13:25 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2016/11/11 16:13:25 | 000,065,408 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2016/11/11 16:13:25 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2016/11/11 16:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/11/11 16:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/11/11 16:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2016/11/11 15:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2016/11/11 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Citrix
[2016/11/11 15:03:34 | 000,000,000 | --SD | C] -- C:\Users\renzo\Documents\My Shapes
[2016/11/09 14:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2016/11/07 17:49:08 | 000,075,888 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-stable.sys
[2016/11/07 17:49:08 | 000,075,888 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-dev.sys
[2016/11/07 17:49:08 | 000,075,888 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-canary.sys
[2016/11/07 17:49:04 | 000,042,096 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\DbxSvc.exe
[2016/11/06 12:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
[2016/11/05 21:44:00 | 000,000,000 | ---D | C] -- C:\Users\renzo\Documents\Diablo III
[2016/11/05 16:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2016/11/05 16:03:20 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Blizzard Entertainment
[2016/11/05 16:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2016/11/05 16:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2016/11/05 16:00:32 | 003,126,768 | ---- | C] (Blizzard Entertainment) -- C:\Users\renzo\Documents\Battle.net-Setup.exe
[2016/11/01 17:09:53 | 000,000,000 | ---D | C] -- C:\Users\renzo\Documents\Electronic Arts
[2016/10/29 11:59:31 | 000,000,000 | R--D | C] -- C:\Users\renzo\Dropbox
[2016/10/29 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Dropbox
[2016/10/29 11:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2016/10/29 11:52:32 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Dropbox
[2016/10/29 11:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Dropbox
[2016/10/29 11:52:29 | 000,690,072 | ---- | C] (Dropbox, Inc.) -- C:\Users\renzo\Documents\DropboxInstaller.exe
[2016/10/27 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\renzo\Documents\Custom Office Templates
[2016/10/24 19:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\directx
[2016/10/24 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
[2016/10/24 19:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA
[2016/10/23 09:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2016/10/23 09:20:17 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Logitech
[2016/10/23 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
[2016/10/23 09:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2016/10/23 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf
[2016/10/23 09:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf
[2016/10/23 09:18:15 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Overwolf
[2016/10/23 09:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2016/10/23 09:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2016/10/23 09:17:13 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Logitech
[2016/10/23 09:17:13 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Logishrd
[2016/10/23 03:48:19 | 000,447,752 | ---- | C] (On2.com) -- C:\WINDOWS\SysWow64\vp6vfw.dll
[2016/10/23 03:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
[2016/10/23 00:31:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2016/10/23 00:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2016/10/23 00:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2016/10/22 18:03:00 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\uTorrent
[2016/10/22 12:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/10/21 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\renzo\Documents\Battlefield 1
[2016/10/21 20:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2016/10/21 19:06:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2016/10/21 19:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
[2016/10/21 16:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2016/10/21 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Roaming\Origin
[2016/10/21 16:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2016/10/21 16:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2016/10/21 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\renzo\.QtWebEngineProcess
[2016/10/21 16:47:57 | 000,000,000 | ---D | C] -- C:\Users\renzo\.Origin
[2016/10/21 16:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2016/10/21 16:47:52 | 000,000,000 | ---D | C] -- C:\Users\renzo\AppData\Local\Origin
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/11/19 01:45:23 | 001,432,864 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/11/19 01:45:23 | 001,156,638 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/11/19 01:45:23 | 000,269,998 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/11/19 01:41:22 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/11/19 01:39:39 | 000,022,280 | ---- | M] (ASRock Incorporation) -- C:\WINDOWS\SysWow64\drivers\AsrAutoChkUpdDrv.sys
[2016/11/19 01:39:20 | 2555,351,039 | -HS- | M] () -- C:\hiberfil.sys
[2016/11/19 01:39:20 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2016/11/19 01:20:54 | 000,022,280 | ---- | M] (ASRock Incorporation) -- C:\WINDOWS\SysWow64\drivers\AsrDrv101.sys
[2016/11/19 01:20:51 | 009,772,576 | ---- | M] () -- C:\Users\renzo\Desktop\Z97Ex4250.exe
[2016/11/18 21:46:55 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/11/18 21:46:53 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2016/11/18 21:35:32 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2016/11/18 21:27:54 | 000,006,988 | ---- | M] () -- C:\Users\renzo\Desktop\mobo error at boot.PNG
[2016/11/18 21:05:32 | 000,001,304 | ---- | M] () -- C:\Users\renzo\Desktop\MBAM Log11-18-16-8-53-PM.xml
[2016/11/18 20:53:25 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016/11/16 21:06:11 | 040,123,840 | ---- | M] () -- C:\WINDOWS\SysNative\nvcompiler.dll
[2016/11/16 21:06:11 | 035,224,632 | ---- | M] () -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2016/11/16 21:06:11 | 000,042,296 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb
[2016/11/16 19:58:35 | 000,001,951 | ---- | M] () -- C:\WINDOWS\NvContainerRecovery.bat
[2016/11/16 04:52:28 | 007,529,957 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2016/11/15 17:27:13 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1.lnk
[2016/11/15 17:18:53 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 4.lnk
[2016/11/14 20:35:14 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/11/13 16:20:31 | 000,000,222 | ---- | M] () -- C:\Users\renzo\Desktop\The Elder Scrolls V Skyrim Special Edition.url
[2016/11/13 14:53:21 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2016/11/12 17:04:00 | 000,000,650 | ---- | M] () -- C:\Users\renzo\Desktop\Diablo II - Lord of Destruction.lnk
[2016/11/12 00:08:37 | 000,026,221 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2016/11/12 00:06:36 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2016/11/12 00:06:36 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2016/11/12 00:03:41 | 000,047,672 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtliteusbbus.sys
[2016/11/12 00:03:37 | 000,030,264 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtlitescsibus.sys
[2016/11/12 00:03:36 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2016/11/11 22:34:11 | 000,021,840 | ---- | M] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2016/11/11 22:34:11 | 000,017,212 | ---- | M] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2016/11/11 22:34:11 | 000,012,067 | ---- | M] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2016/11/11 21:57:10 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\Shadow Warrior 2.lnk
[2016/11/11 21:27:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2016/11/11 16:22:56 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job
[2016/11/11 16:22:56 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job
[2016/11/11 16:19:51 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2016/11/11 16:13:26 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/11/09 22:37:12 | 001,045,923 | ---- | M] () -- C:\Users\renzo\Documents\20161109_223506.jpg
[2016/11/09 17:31:26 | 000,381,680 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/11/09 17:31:26 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2016/11/09 17:31:26 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/11/07 17:49:08 | 000,075,888 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-stable.sys
[2016/11/07 17:49:08 | 000,075,888 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-dev.sys
[2016/11/07 17:49:08 | 000,075,888 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-canary.sys
[2016/11/07 17:49:04 | 000,042,096 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\DbxSvc.exe
[2016/11/06 12:49:59 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Public Test.lnk
[2016/11/05 16:24:10 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2016/11/05 16:00:38 | 003,126,768 | ---- | M] (Blizzard Entertainment) -- C:\Users\renzo\Documents\Battle.net-Setup.exe
[2016/11/02 10:56:00 | 000,389,408 | RHS- | M] () -- C:\bootmgr
[2016/11/02 03:20:41 | 000,446,896 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2016/10/29 12:27:00 | 000,029,850 | ---- | M] () -- C:\Users\renzo\Documents\RoutePath Puzzler.pdf
[2016/10/29 11:59:31 | 000,001,299 | ---- | M] () -- C:\Users\renzo\Desktop\Dropbox.lnk
[2016/10/29 11:52:31 | 000,690,072 | ---- | M] (Dropbox, Inc.) -- C:\Users\renzo\Documents\DropboxInstaller.exe
[2016/10/27 21:12:20 | 000,015,425 | ---- | M] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
[2016/10/25 18:40:39 | 000,002,356 | ---- | M] () -- C:\Users\renzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/10/25 15:18:30 | 000,121,912 | ---- | M] () -- C:\WINDOWS\SysNative\NvRtmpStreamer64.dll
[2016/10/24 19:22:52 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\EVGA Precision XOC.lnk
[2016/10/24 19:22:51 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Skin Tool.lnk
[2016/10/23 09:18:52 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Overwolf.lnk
[2016/10/23 00:31:58 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2016/10/23 00:31:43 | 000,281,872 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2016/10/23 00:31:36 | 000,281,872 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2016/10/23 00:31:36 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2016/10/22 18:03:19 | 000,002,684 | ---- | M] () -- C:\Users\renzo\Desktop\µTorrent.lnk
[2016/10/22 18:03:19 | 000,002,684 | ---- | M] () -- C:\Users\renzo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2016/10/21 21:29:45 | 000,000,600 | ---- | M] () -- C:\Users\renzo\AppData\Local\PUTTY.RND
[2016/10/21 16:49:53 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/11/18 23:31:08 | 005,804,772 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\rtvienna.dat
[2016/11/18 23:31:08 | 003,091,915 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\rtkSSTsetting.dat
[2016/11/18 23:31:07 | 038,974,301 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2016/11/18 23:31:03 | 000,109,848 | ---- | C] () -- C:\WINDOWS\SysNative\AcpiServiceVnA64.dll
[2016/11/18 23:31:03 | 000,096,568 | ---- | C] () -- C:\WINDOWS\SysNative\audioLibVc.dll
[2016/11/18 21:46:55 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/11/18 21:46:53 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2016/11/18 21:35:32 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2016/11/18 21:27:54 | 000,006,988 | ---- | C] () -- C:\Users\renzo\Desktop\mobo error at boot.PNG
[2016/11/18 21:05:32 | 000,001,304 | ---- | C] () -- C:\Users\renzo\Desktop\MBAM Log11-18-16-8-53-PM.xml
[2016/11/18 17:41:32 | 000,269,600 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1.dll
[2016/11/18 17:41:32 | 000,261,920 | ---- | C] () -- C:\WINDOWS\SysNative\vulkan-1.dll
[2016/11/18 17:41:32 | 000,125,216 | ---- | C] () -- C:\WINDOWS\SysNative\vulkaninfo.exe
[2016/11/18 17:41:32 | 000,110,880 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo.exe
[2016/11/18 17:39:16 | 040,123,840 | ---- | C] () -- C:\WINDOWS\SysNative\nvcompiler.dll
[2016/11/18 17:39:16 | 035,224,632 | ---- | C] () -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2016/11/13 16:20:31 | 000,000,222 | ---- | C] () -- C:\Users\renzo\Desktop\The Elder Scrolls V Skyrim Special Edition.url
[2016/11/13 14:53:21 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2016/11/13 14:53:19 | 000,121,912 | ---- | C] () -- C:\WINDOWS\SysNative\NvRtmpStreamer64.dll
[2016/11/13 14:53:09 | 000,001,951 | ---- | C] () -- C:\WINDOWS\NvContainerRecovery.bat
[2016/11/12 00:08:20 | 000,000,650 | ---- | C] () -- C:\Users\renzo\Desktop\Diablo II - Lord of Destruction.lnk
[2016/11/12 00:06:37 | 000,026,221 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2016/11/12 00:06:36 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2016/11/12 00:03:36 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2016/11/11 22:31:21 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2016/11/11 22:31:21 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2016/11/11 22:31:21 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2016/11/11 21:57:10 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\Shadow Warrior 2.lnk
[2016/11/11 21:27:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2016/11/11 16:13:26 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/11/11 16:10:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2016/11/11 15:01:23 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
[2016/11/09 22:37:11 | 001,045,923 | ---- | C] () -- C:\Users\renzo\Documents\20161109_223506.jpg
[2016/11/08 20:04:57 | 000,446,896 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2016/11/06 12:49:59 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Public Test.lnk
[2016/11/05 16:24:10 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2016/11/05 11:37:03 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2016/11/05 11:37:03 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/10/29 12:27:00 | 000,029,850 | ---- | C] () -- C:\Users\renzo\Documents\RoutePath Puzzler.pdf
[2016/10/29 11:59:31 | 000,001,299 | ---- | C] () -- C:\Users\renzo\Desktop\Dropbox.lnk
[2016/10/29 11:52:33 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job
[2016/10/29 11:52:33 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job
[2016/10/24 19:22:56 | 000,156,160 | ---- | C] () -- C:\WINDOWS\SysNative\FW1FontWrapper_x64.dll
[2016/10/24 19:22:51 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Skin Tool.lnk
[2016/10/24 19:22:51 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\EVGA Precision XOC.lnk
[2016/10/23 09:18:52 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Overwolf.lnk
[2016/10/23 03:48:19 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 4.lnk
[2016/10/23 00:31:58 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2016/10/23 00:31:13 | 000,281,872 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2016/10/23 00:31:13 | 000,281,872 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2016/10/23 00:31:12 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2016/10/22 18:03:19 | 000,002,684 | ---- | C] () -- C:\Users\renzo\Desktop\µTorrent.lnk
[2016/10/22 18:03:19 | 000,002,684 | ---- | C] () -- C:\Users\renzo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2016/10/21 20:57:34 | 000,000,669 | ---- | C] () -- C:\WINDOWS\SysNative\nv-vk64.json
[2016/10/21 20:57:34 | 000,000,669 | ---- | C] () -- C:\WINDOWS\SysWow64\nv-vk32.json
[2016/10/21 19:06:57 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1.lnk
[2016/10/21 16:49:53 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2016/10/17 10:50:00 | 000,000,600 | ---- | C] () -- C:\Users\renzo\AppData\Local\PUTTY.RND
[2016/10/15 13:16:21 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/10/13 18:52:20 | 000,855,714 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/10/13 18:49:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/10/12 22:35:57 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/10/12 22:35:57 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016/10/12 21:39:05 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/10/12 20:59:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\progress.ini
[2016/09/09 13:25:58 | 000,269,600 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1-1-0-26-0.dll
[2016/09/09 13:25:28 | 000,110,880 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016/07/16 06:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 06:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 06:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 06:43:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016/07/16 06:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 06:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 06:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 06:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 06:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 06:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/05/27 13:51:32 | 000,129,536 | ---- | C] () -- C:\WINDOWS\SysWow64\FW1FontWrapper.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/10/12 22:35:57 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/10/12 22:35:57 | 005,722,320 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 06:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 06:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 06:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016/11/13 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\.mono
[2016/11/11 21:28:17 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\Battle.net
[2016/11/12 00:04:23 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\DAEMON Tools Lite
[2016/10/29 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\Dropbox
[2016/11/19 01:50:30 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\Origin
[2016/10/11 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\Panda Security
[2016/11/19 01:44:56 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\Spotify
[2016/11/11 22:29:27 | 000,000,000 | ---D | M] -- C:\Users\renzo\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 484 bytes -> C:\ProgramData\TEMP:9A870F8B

< End of report >

Patiently awaiting zero day malware infection.

Sincerely,

renzore101
 