start::
CreateRestorePoint: 
CloseProcesses: 
HKU\S-1-5-21-3317586467-257189203-2805365568-1001\...\Policies\Explorer: [NoInternetOpenWith] 1 
HKU\S-1-5-21-3317586467-257189203-2805365568-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102018024755694\...\Policies\Explorer: [NoInternetOpenWith] 1 
HKU\S-1-5-21-3317586467-257189203-2805365568-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102018081739905\...\Policies\Explorer: [NoInternetOpenWith] 1 
HKU\S-1-5-21-3317586467-257189203-2805365568-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102018233820473\...\Policies\Explorer: [NoInternetOpenWith] 1 
Startup: C:\Users\Brayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gwagsvbc.lnk [2018-05-07] 
Startup: C:\Users\Brayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ueawruhw.lnk [2018-05-07] 
2018-05-10 23:56 - 2018-05-11 00:13 - 000000000 ____D C:\Program Files\Reimage 
2018-05-10 23:56 - 2018-05-11 00:03 - 000000150 _____ C:\WINDOWS\Reimage.ini 
HKU\S-1-5-21-3317586467-257189203-2805365568-1001\...\StartupApproved\StartupFolder: => "ueawruhw.lnk" 
HKU\S-1-5-21-3317586467-257189203-2805365568-1001\...\StartupApproved\StartupFolder: => "gwagsvbc.lnk" 
EmptyTemp: 
end::