help error windows 01:6.17600.16385 rootkit?


  • This topic is locked
4 replies to this topic

#1 pedroa

Posted 16 August 2016 - 10:40 PM

Hello, I was working with Malwarebytes, removing malware... then I reset my laptop and it never booted again; it only starts an automatic repair system, which never fixes the system. Thanks a lot for helping me.

pedro

This is the FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by SYSTEM on MININT-VV858VF (13-08-2016 14:25:03)
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-23] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-14] (Power Software Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Esko Subscription Notifier] => C:\Program Files (x86)\Common Files\Esko\SubscriptionService\SubscriptionService\EskoSubscriptionNotifier.exe [1172480 2015-03-25] (Esko BVBA)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-21] (Autodesk Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\DefaultAppPool\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\pedro\...\Run: [FMCore.exe] => C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe [10543104 2013-11-09] (Celartem, Inc., doing business as Extensis.)
HKU\pedro\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\pedro\...\Run: [{98C42101-C864-4A73-8973-022E29C89732}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\cBgrrNbRbU').ZFQKUFNA)));
HKU\pedro\...\Run: [Seviler] => C:\Users\pedro\AppData\Roaming\GameLauncher\Seviler\Seviler.exe [604672 2016-08-10] ()
HKU\pedro\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-21] (Autodesk Inc.)
S2 EG Station Information Service; C:\Esko\bg_prog_egsis_v010\bin_ix86\egsissrv.exe [39936 2015-03-20] ()
S2 esko illustrator; C:\FLEXlm\lmgrd.exe [1473840 2015-11-15] (Flexera Software LLC)
S2 Esko Subscription Service; C:\Program Files (x86)\Common Files\Esko/SubscriptionService/SubscriptionService\SubscriptionService.exe [1355776 2015-03-25] (Esko BVBA)
S2 FLEXlm License Manager; C:\FLEXlm\lmgrd.exe [1473840 2015-11-15] (Flexera Software LLC)
S2 HDLicenseServer; C:\Program Files (x86)\Heidelberg\Licensing\License Server\HDLicenseServer.exe [215928 2011-07-15] ()
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 msftesql$ARTIOSCADEXP2005; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [95592 2007-06-22] (Microsoft Corporation)
S2 MSSQL$ARTIOSCADDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$ARTIOSCADDB\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S2 MSSQL$ARTIOSCADEXP2005; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-08] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-08] (SafeNet, Inc.)
S3 SQLAgent$ARTIOSCADDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$ARTIOSCADDB\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 VBoxService; C:\Windows\System32\VBoxService.exe [1358640 2011-04-21] (Oracle Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
S0 httntp; C:\Windows\System32\drivers\mxpso.sys [79064 2016-08-12] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-12] (Malwarebytes)
S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [112816 2011-04-21] (Oracle Corporation)
S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [310640 2011-04-21] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-13 03:14 - 2016-08-13 14:25 - 00000000 ____D C:\FRST
2016-08-12 06:29 - 2016-08-12 06:29 - 00079064 _____ (Malwarebytes) C:\Windows\System32\Drivers\mxpso.sys
2016-08-12 06:29 - 2016-08-12 06:29 - 00002094 _____ C:\Windows\System32\fhovuq
2016-08-11 05:59 - 2016-08-11 05:59 - 94858446 _____ C:\Users\pedro\Desktop\Sequence 01 para borrar.avi
2016-08-11 05:46 - 2016-08-11 05:46 - 00000000 ____D C:\Users\pedro\AppData\Roaming\PACE Anti-Piracy
2016-08-11 05:46 - 2016-08-11 05:46 - 00000000 ____D C:\Users\pedro\AppData\Local\PACE Anti-Piracy
2016-08-11 05:46 - 2016-08-11 05:46 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2016-08-11 05:45 - 2016-08-11 05:45 - 00000000 ____D C:\Users\pedro\Documents\Adobe
2016-08-11 05:23 - 2016-08-11 05:23 - 00000000 ____D C:\Program Files (x86)\My Company Name
2016-08-11 05:23 - 2011-11-03 00:01 - 00056208 ____N (Rovi Corporation) C:\Windows\System32\Drivers\PxHlpa64.sys
2016-08-11 05:23 - 2011-10-17 00:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2016-08-11 05:23 - 2011-10-17 00:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2016-08-11 05:21 - 2016-08-11 05:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-08-11 05:21 - 2016-08-11 05:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-08-11 05:20 - 2016-08-11 05:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-08-10 22:50 - 2016-08-10 22:52 - 00000000 ____D C:\Users\pedro\Desktop\Adobe Premiere Pro CS6
2016-08-10 22:22 - 2016-08-10 22:22 - 03994965 _____ C:\Users\pedro\Desktop\3b0ee5374680cf02cee1acc96715e566.pdf
2016-08-10 21:56 - 2016-08-10 22:00 - 00000000 ____D C:\Users\pedro\Downloads\Adobe Premiere Pro CS6 6.0.0 LS7 Multilanguage [ChingLiu]
2016-08-10 21:48 - 2016-08-10 21:48 - 00000000 ____D C:\Users\pedro\AppData\LocalLow\uTorrent
2016-08-10 21:46 - 2016-08-11 05:08 - 00000000 ____D C:\Users\pedro\AppData\Roaming\uTorrent
2016-08-10 21:42 - 2016-08-10 21:42 - 02370560 _____ (BitTorrent Inc.) C:\Program Files (x86)\uTorrent.exe
2016-08-10 21:37 - 2016-08-10 21:37 - 00013252 _____ C:\Users\pedro\Downloads\ADOBE PREMIER PRO CS6 + CRACK.rar
2016-08-10 21:32 - 2016-08-12 06:21 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-08-10 21:31 - 2016-08-10 21:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-10 21:31 - 2016-08-10 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-10 21:31 - 2016-03-10 11:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-08-10 21:31 - 2016-03-10 11:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-08-10 21:31 - 2016-03-10 11:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-08-10 21:28 - 2016-08-10 21:30 - 00001684 _____ C:\Users\pedro\Desktop\Rkill.txt
2016-08-10 21:21 - 2016-08-10 21:21 - 00000258 __RSH C:\Users\pedro\ntuser.pol
2016-08-10 21:15 - 2016-08-10 21:15 - 00002966 __RSH C:\ProgramData\ntuser.pol
2016-08-10 21:14 - 2016-08-10 21:14 - 00002077 _____ C:\Users\hdservice\Desktop\Gооglе Сhrоmе.lnk
2016-08-10 21:14 - 2016-08-10 21:14 - 00000000 ____D C:\Users\pedro\AppData\Roaming\GameLauncher
2016-08-10 21:13 - 2016-08-10 21:13 - 00000000 _____ C:\Users\pedro\Downloads\uTorrentPro 3.4.7 Build 42330.zip
2016-08-10 00:30 - 2016-08-10 00:31 - 72872096 _____ (VMware, Inc.) C:\Users\pedro\Downloads\VMware-player-12.0.0-2985596.exe
2016-08-10 00:13 - 2016-08-10 00:13 - 00002986 _____ C:\Windows\System32\Tasks\{B641349A-E31E-4334-A4D8-40E2E93DDF22}
2016-08-10 00:11 - 2016-08-10 00:25 - 00000000 ____D C:\ProgramData\VMware
2016-08-10 00:11 - 2016-03-10 05:03 - 00057536 _____ (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2016-08-10 00:04 - 2016-08-10 00:59 - 00375495 _____ C:\Users\pedro\Downloads\01 PLACA 52,5 X 45,9.pdf
2016-08-10 00:03 - 2016-08-10 00:04 - 39605312 _____ (VMware, Inc.) C:\Users\pedro\Downloads\VMware-VIX-1.15.3-3770994.exe
2016-08-09 23:40 - 2012-12-19 11:48 - 00237992 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2016-08-09 23:40 - 2012-12-19 11:47 - 00120232 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2016-08-09 23:39 - 2016-08-09 23:39 - 00003176 _____ C:\Windows\System32\Tasks\{BBACDA87-DAB7-4EFA-B502-9E9D87543396}
2016-08-09 22:08 - 2016-08-10 00:31 - 00000000 ____D C:\Users\pedro\VirtualBox VMs
2016-08-09 21:52 - 2016-08-09 21:52 - 00001456 _____ C:\Users\pedro\Desktop\catolica.txt
2016-08-07 19:51 - 2016-08-07 19:51 - 00003887 _____ C:\Users\pedro\Desktop\bidgrafico.tif
2016-08-07 19:45 - 2016-08-07 19:45 - 00088982 _____ C:\Users\pedro\Desktop\problemas bid.pdf
2016-08-04 05:15 - 2016-08-04 05:15 - 00005431 _____ C:\Users\pedro\Desktop\afiches a3.jdf
2016-08-04 05:03 - 2016-08-04 05:03 - 00076232 _____ C:\Windows\System32\Drivers\1a89219574e9f804.sys
2016-08-04 04:54 - 2016-08-04 04:54 - 00005689 _____ C:\Users\pedro\Desktop\volantes tr.jdf
2016-08-04 04:46 - 2016-08-04 04:46 - 01477840 _____ C:\Users\pedro\Desktop\plantilla_Marks.pdf
2016-08-04 04:46 - 2016-08-04 04:46 - 00011505 _____ C:\Users\pedro\Desktop\plantilla.jdf
2016-08-04 04:25 - 2016-08-04 05:15 - 00000000 ____D C:\Users\pedro\Downloads\Finales_Batalla
2016-08-04 04:24 - 2016-08-04 04:24 - 05129285 _____ C:\Users\pedro\Downloads\Finales_Batalla.zip
2016-08-04 04:15 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2016-08-04 04:15 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2016-08-04 04:15 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2016-08-04 04:15 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2016-08-04 04:15 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2016-08-04 04:15 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2016-08-04 04:15 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2016-08-04 04:15 - 2012-06-02 06:57 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2016-08-04 04:14 - 2012-02-29 22:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2016-08-04 04:14 - 2012-02-29 22:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2016-08-04 04:14 - 2012-02-29 22:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2016-08-04 04:14 - 2012-02-29 22:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\wmi.dll
2016-08-04 04:14 - 2012-02-29 21:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-08-04 04:14 - 2012-02-29 21:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2016-08-04 04:14 - 2012-02-29 21:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2016-08-03 18:38 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2016-08-03 18:38 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-08-03 18:38 - 2012-02-16 20:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2016-08-03 18:38 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2016-08-03 14:13 - 2016-08-03 14:13 - 17309172 _____ C:\Users\pedro\Desktop\okbaner 3santa rosa ok.tif
2016-08-03 13:30 - 2016-08-03 13:30 - 229845148 _____ C:\Users\pedro\Desktop\finalbaner 1santa rosa ok.tif
2016-08-01 22:59 - 2016-08-01 22:59 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-07-31 20:01 - 2016-08-10 00:31 - 00000000 ____D C:\Users\pedro\.VirtualBox
2016-07-31 20:01 - 2016-07-31 20:02 - 00000000 ____D C:\Program Files\Oracle
2016-07-29 22:23 - 2016-07-29 22:23 - 00004552 _____ C:\Users\pedro\Downloads\login.htm
2016-07-29 21:58 - 2016-07-29 21:58 - 00000000 ____D C:\Users\pedro\Documents\xgen
2016-07-29 21:53 - 2016-07-29 21:57 - 00000000 ____D C:\Users\pedro\Documents\maya
2016-07-29 21:51 - 2016-07-29 21:51 - 00000000 ____D C:\Users\pedro\Documents\Direct Connect
2016-07-29 21:39 - 2016-07-29 21:49 - 00000000 ____D C:\Program Files\Autodesk
2016-07-29 21:38 - 2016-07-29 21:58 - 00000000 ____D C:\Users\pedro\AppData\Local\Autodesk
2016-07-29 21:38 - 2016-07-29 21:50 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-07-29 21:38 - 2016-07-29 21:38 - 00000000 ____D C:\Users\pedro\Documents\Autodesk Application Manager
2016-07-29 21:38 - 2010-06-02 01:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-07-29 21:38 - 2010-06-02 01:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2016-07-29 21:38 - 2010-06-02 01:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-07-29 21:38 - 2010-06-02 01:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2016-07-29 21:38 - 2010-06-02 01:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2016-07-29 21:38 - 2010-06-02 01:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2016-07-29 21:38 - 2010-05-26 08:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-07-29 21:36 - 2016-07-29 21:57 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Autodesk
2016-07-29 21:36 - 2016-07-29 21:57 - 00000000 ____D C:\ProgramData\Autodesk
2016-07-29 21:30 - 2016-07-29 21:30 - 00000301 _____ C:\Users\pedro\Downloads\industrialprintblog.com_signups.vcf
2016-07-29 18:30 - 2016-07-29 18:30 - 00052867 _____ C:\Users\pedro\Downloads\NUEVO18JULIOnuevo costeo en indigo.xlsx
2016-07-29 17:48 - 2016-07-29 19:33 - 00018181 _____ C:\Users\pedro\Downloads\ARAMBURU.xlsx
2016-07-29 17:48 - 2016-07-29 17:48 - 00000000 ____D C:\Users\pedro\AppData\OICE_15_974FA576_32C1D314_E82
2016-07-26 15:06 - 2016-07-26 15:06 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Illustrator
2016-07-26 13:41 - 2016-07-26 13:41 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-07-26 13:26 - 2016-07-26 13:26 - 00000000 ____D C:\Users\pedro\Desktop\Es_ko_Stu_dio_Pa_ck14_11
2016-07-26 12:10 - 2016-07-26 12:10 - 00000000 ____D C:\Users\pedro\AppData\Roaming\EskoStudioVisualizer12
2016-07-26 11:59 - 2016-07-26 11:59 - 00003134 _____ C:\Windows\System32\Tasks\{4AF7E265-2B06-4865-8D01-57EB6A3172B5}
2016-07-26 11:49 - 2016-07-26 11:52 - 166585856 _____ (Esko) C:\Users\pedro\Downloads\Esko_Data_Exchange_16_0_0_66.exe
2016-07-26 11:36 - 2016-08-12 06:14 - 00000000 ____D C:\FLEXlm
2016-07-26 11:09 - 2016-07-26 11:09 - 00002085 _____ C:\Users\Public\Desktop\DataCenter Admin.lnk
2016-07-26 11:09 - 2016-07-26 11:09 - 00000000 ____D C:\Windows\Crystal
2016-07-26 10:21 - 2016-07-26 15:21 - 02146252 _____ C:\Users\pedro\Desktop\MATRICULA NUEVO.pdf
2016-07-26 10:21 - 2016-07-26 10:21 - 05220820 _____ C:\Users\pedro\Downloads\wetransfer-2ccd54.zip
2016-07-26 10:06 - 2016-07-26 10:06 - 00000000 ____D C:\Windows\System32\appmgmt
2016-07-26 09:51 - 2016-07-26 09:51 - 00003518 _____ C:\Windows\System32\Tasks\{034D4F77-0196-4E49-8BB5-0581F19FDEBA}
2016-07-26 09:01 - 2016-07-26 09:01 - 00003550 _____ C:\Windows\System32\Tasks\{CAECF19A-2EF1-4D94-8771-AF70E06EC21C}
2016-07-26 08:53 - 2016-07-26 08:53 - 00003614 _____ C:\Windows\System32\Tasks\{9729CC47-84AC-4927-91FA-09FEA8A0FC26}
2016-07-26 00:48 - 2016-07-26 00:48 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Apple Computer
2016-07-26 00:18 - 2016-07-26 12:11 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Studio Visualizer
2016-07-25 23:46 - 2016-07-26 14:48 - 00000000 ____D C:\Users\pedro\Esko
2016-07-25 23:30 - 2016-07-25 23:30 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-07-25 23:30 - 2016-07-25 23:30 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-07-25 23:30 - 2016-07-25 23:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-07-25 23:30 - 2016-07-25 23:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-07-25 23:30 - 2016-07-25 23:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-07-25 23:30 - 2016-07-25 23:30 - 00000000 ____D C:\users\DefaultAppPool
2016-07-25 23:30 - 2011-04-12 00:28 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-07-25 23:18 - 2016-07-25 23:18 - 00001024 _____ C:\Windows\SysWOW64\ss9tx99.tgz
2016-07-25 23:17 - 2016-07-25 23:17 - 00000000 ____D C:\ProgramData\Macrovision
2016-07-25 23:16 - 2006-12-13 15:14 - 00065024 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\Drivers\aksdf.sys
2016-07-25 23:16 - 2006-12-04 07:44 - 00314368 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\Drivers\hardlock.sys
2016-07-25 23:16 - 2006-10-18 16:12 - 00191488 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2016-07-25 23:11 - 2016-07-25 23:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-07-25 23:04 - 2016-07-25 23:04 - 00000000 ____D C:\Users\pedro\Documents\Store Visualizer 14
2016-07-25 23:04 - 2016-07-25 23:04 - 00000000 ____D C:\Users\pedro\AppData\Local\VTales graphics
2016-07-25 22:32 - 2016-07-25 22:32 - 00000000 ____D C:\Users\pedro\AppData\LocalLow\Apple Computer
2016-07-25 22:32 - 2016-07-25 22:32 - 00000000 ____D C:\Users\pedro\AppData\Local\Apple
2016-07-25 22:32 - 2016-07-25 22:32 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-25 22:32 - 2016-07-25 22:32 - 00000000 ____D C:\ProgramData\Apple
2016-07-25 22:32 - 2016-07-25 22:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-25 22:32 - 2016-07-25 22:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-25 22:28 - 2016-07-25 22:29 - 41896256 _____ (Apple Inc.) C:\Users\pedro\Downloads\QuickTimeInstaller.exe
2016-07-25 22:24 - 2016-07-25 22:41 - 00000000 ____D C:\Users\pedro\AppData\Roaming\EskoStudioVisualizer14
2016-07-25 21:36 - 2016-07-26 00:18 - 00000000 ____D C:\Users\pedro\AppData\Roaming\EskoArtwork
2016-07-25 21:36 - 2016-07-25 21:36 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Esko
2016-07-25 21:34 - 2016-07-25 21:34 - 00000000 ____D C:\ProgramData\FNP
2016-07-25 20:31 - 2016-07-26 11:55 - 00000000 ____D C:\Users\Public\Documents\EskoArtwork
2016-07-25 20:27 - 2016-08-12 06:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-07-25 20:17 - 2016-07-26 13:58 - 00000000 ____D C:\Esko
2016-07-25 20:17 - 2005-10-12 10:01 - 00001784 _____ C:\Windows\eguninstall.bat
2016-07-25 18:55 - 2002-12-17 13:23 - 00033340 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dbmsqlgc.dll
2016-07-25 18:55 - 2002-10-20 11:05 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dbmsgnet.dll
2016-07-25 18:55 - 1998-10-29 12:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-07-25 18:49 - 2016-07-25 23:17 - 00000000 ____D C:\Artios
2016-07-25 18:44 - 2016-07-25 18:44 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Corel
2016-07-25 18:44 - 2016-07-25 18:44 - 00000000 ____D C:\ProgramData\Protexis64
2016-07-25 18:42 - 2016-07-25 18:42 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-07-25 18:42 - 2016-07-25 18:42 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-07-25 18:42 - 2016-07-25 18:42 - 00000000 ____D C:\Program Files\Common Files\Corel
2016-07-25 18:40 - 2016-07-25 18:41 - 00000000 ____D C:\Program Files\Corel
2016-07-25 18:38 - 2016-07-25 18:43 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2016-07-25 14:51 - 2016-07-25 14:51 - 00001044 _____ C:\Users\pedro\Desktop\cc_20160725_175133f.reg
2016-07-25 14:49 - 2016-07-25 14:49 - 00005802 _____ C:\Users\pedro\Desktop\cc_20160724_020428e.reg
2016-07-25 14:26 - 2016-07-25 14:26 - 00000000 ____D C:\Windows\System32\dsc
2016-07-25 14:26 - 2016-07-25 14:26 - 00000000 ____D C:\Windows\System32\Configuration
2016-07-25 14:13 - 2016-07-25 14:13 - 00000000 ____D C:\cbf471def2b75c91fe01eb74
2016-07-25 14:12 - 2016-07-25 14:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2016-07-25 14:12 - 2016-07-25 14:12 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2016-07-25 14:12 - 2016-07-25 14:12 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2016-07-25 14:12 - 2016-07-25 14:12 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2016-07-25 14:12 - 2016-07-25 14:12 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2016-07-25 14:09 - 2013-09-26 19:37 - 00001536 _____ (Microsoft Corporation) C:\Windows\System32\winrsmgr.dll
2016-07-25 14:09 - 2013-09-26 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WsmRes.dll
2016-07-25 14:09 - 2013-09-26 19:20 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\mimofcodec.dll
2016-07-25 14:09 - 2013-09-26 19:19 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\ncobjapi.dll
2016-07-25 14:09 - 2013-09-26 19:18 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\mi.dll
2016-07-25 14:09 - 2013-09-26 19:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2016-07-25 14:09 - 2013-09-26 19:17 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\mibincodec.dll
2016-07-25 14:09 - 2013-09-26 19:16 - 00082944 _____ (Microsoft Corporation) C:\Windows\System32\wecapi.dll
2016-07-25 14:09 - 2013-09-26 19:16 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\wsmplpxy.dll
2016-07-25 14:09 - 2013-09-26 19:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\winrssrv.dll
2016-07-25 14:09 - 2013-09-26 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\wevtfwd.dll
2016-07-25 14:09 - 2013-09-26 19:03 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Register-CimProvider.exe
2016-07-25 14:09 - 2013-09-26 18:59 - 00104960 _____ (Microsoft Corporation) C:\Windows\System32\wecutil.exe
2016-07-25 14:09 - 2013-09-26 18:58 - 00213504 _____ (Microsoft Corporation) C:\Windows\System32\wecsvc.dll
2016-07-25 14:09 - 2013-09-26 18:53 - 00203776 _____ (Microsoft Corporation) C:\Windows\System32\wmitomi.dll
2016-07-25 14:09 - 2013-09-26 18:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\prvdmofcomp.dll
2016-07-25 14:09 - 2013-09-26 18:50 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\wmidcom.dll
2016-07-25 14:09 - 2013-09-26 18:49 - 00476672 _____ (Microsoft Corporation) C:\Windows\System32\wbemcomn2.dll
2016-07-25 14:09 - 2013-09-26 18:48 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\miutils.dll
2016-07-25 14:09 - 2013-09-26 18:46 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2016-07-25 14:09 - 2013-09-26 18:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2016-07-25 14:09 - 2013-09-26 18:40 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\WsmAgent.dll
2016-07-25 14:09 - 2013-09-26 18:34 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\DscCoreConfProv.dll
2016-07-25 14:09 - 2013-09-26 18:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\winrshost.exe
2016-07-25 14:09 - 2013-09-26 18:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\System32\WsmGCDeps.dll
2016-07-25 14:09 - 2013-09-26 18:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\winrs.exe
2016-07-25 14:09 - 2013-09-26 18:19 - 00156672 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2016-07-25 14:09 - 2013-09-26 18:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\wsmprovhost.exe
2016-07-25 14:09 - 2013-09-26 18:18 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2016-07-25 14:09 - 2013-09-26 18:17 - 00274944 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2016-07-25 14:09 - 2013-09-26 18:17 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\winrscmd.dll
2016-07-25 14:09 - 2013-09-26 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\PSModuleDiscoveryProvider.dll
2016-07-25 14:09 - 2013-09-26 18:06 - 02475008 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2016-07-25 14:09 - 2013-09-26 18:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\pwrshplugin.dll
2016-07-25 14:09 - 2013-09-26 17:53 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2016-07-25 14:09 - 2013-09-26 17:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-07-25 14:09 - 2013-09-26 17:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimofcodec.dll
2016-07-25 14:09 - 2013-09-26 17:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2016-07-25 14:09 - 2013-09-26 17:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2016-07-25 14:09 - 2013-09-26 17:35 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll
2016-07-25 14:09 - 2013-09-26 17:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mibincodec.dll
2016-07-25 14:09 - 2013-09-26 17:34 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2016-07-25 14:09 - 2013-09-26 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-07-25 14:09 - 2013-09-26 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2016-07-25 14:09 - 2013-09-26 17:31 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2016-07-25 14:09 - 2013-09-26 17:25 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe
2016-07-25 14:09 - 2013-09-26 17:21 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2016-07-25 14:09 - 2013-09-26 17:15 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll
2016-07-25 14:09 - 2013-09-26 17:14 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2016-07-25 14:09 - 2013-09-26 17:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll
2016-07-25 14:09 - 2013-09-26 17:11 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn2.dll
2016-07-25 14:09 - 2013-09-26 17:11 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2016-07-25 14:09 - 2013-09-26 17:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2016-07-25 14:09 - 2013-09-26 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2016-07-25 14:09 - 2013-09-26 17:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-07-25 14:09 - 2013-09-26 17:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2016-07-25 14:09 - 2013-09-26 16:54 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2016-07-25 14:09 - 2013-09-26 16:50 - 00515584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmGCDeps.dll
2016-07-25 14:09 - 2013-09-26 16:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2016-07-25 14:09 - 2013-09-26 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-07-25 14:09 - 2013-09-26 16:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-07-25 14:09 - 2013-09-26 16:48 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-07-25 14:09 - 2013-09-26 16:47 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-07-25 14:09 - 2013-09-26 16:47 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2016-07-25 14:09 - 2013-09-26 16:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll
2016-07-25 14:09 - 2013-09-26 16:38 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-07-25 14:09 - 2013-09-26 16:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2016-07-25 14:09 - 2013-09-26 15:52 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-07-25 14:09 - 2013-09-26 14:48 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\DscCore.dll
2016-07-25 14:09 - 2013-09-15 23:34 - 00204105 _____ C:\Windows\SysWOW64\winrm.vbs
2016-07-25 14:09 - 2013-09-15 23:34 - 00204105 _____ C:\Windows\System32\winrm.vbs
2016-07-25 14:09 - 2013-09-15 23:34 - 00004675 _____ C:\Windows\SysWOW64\wsmanconfig_schema.xml
2016-07-25 14:09 - 2013-09-15 23:34 - 00004675 _____ C:\Windows\System32\wsmanconfig_schema.xml
2016-07-25 14:09 - 2013-09-15 23:33 - 00004148 _____ C:\Windows\System32\psmodulediscoveryprovider.mof
2016-07-25 13:55 - 2016-07-25 13:55 - 00000000 ____D C:\d6bcf597220953380d8128dca1aea4
2016-07-25 10:59 - 2016-07-25 10:59 - 00000041 _____ C:\Windows\woubak-pwrscheme-temp.txt
2016-07-25 10:59 - 2016-07-25 10:59 - 00000041 _____ C:\Windows\woubak-pwrscheme-act.txt
2016-07-25 10:59 - 2016-07-25 10:59 - 00000000 ____D C:\e8fdeb2f03ef13822f
2016-07-25 09:41 - 2016-07-25 10:42 - 00000000 ____D C:\Users\pedro\Downloads\wsusoffline
2016-07-25 09:41 - 2016-07-25 09:41 - 02055150 _____ C:\Users\pedro\Downloads\wsusoffline107.zip
2016-07-25 09:21 - 2016-08-09 23:22 - 00000000 ____D C:\Users\pedro\AppData\Local\ElevatedDiagnostics
2016-07-25 09:19 - 2016-07-25 09:19 - 00313366 _____ C:\Users\pedro\Downloads\WindowsUpdateDiagnostic.diagcab
2016-07-25 09:11 - 2016-07-25 09:11 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2016-07-25 09:11 - 2016-07-25 09:11 - 00000000 ____D C:\Windows\System32\BestPractices
2016-07-25 09:11 - 2016-07-25 09:11 - 00000000 ____D C:\inetpub
2016-07-25 08:32 - 2016-07-25 08:33 - 00002214 _____ C:\Windows\EPMBatch.ept
2016-07-25 07:36 - 2016-07-25 07:36 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-07-25 07:36 - 2013-01-06 11:52 - 02468520 _____ C:\Windows\SysWOW64\BootMan.exe
2016-07-25 07:36 - 2012-12-21 10:54 - 00014920 _____ C:\Windows\SysWOW64\epmntdrv.sys
2016-07-25 07:36 - 2012-12-21 10:53 - 00100936 _____ C:\Windows\System32\setupempdrvx64.exe
2016-07-25 07:36 - 2012-12-21 10:53 - 00087112 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2016-07-25 07:36 - 2012-12-21 10:53 - 00017480 _____ C:\Windows\System32\epmntdrv.sys
2016-07-25 07:36 - 2012-12-21 10:53 - 00009800 _____ C:\Windows\System32\EuGdiDrv.sys
2016-07-25 07:36 - 2012-12-21 10:53 - 00009160 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2016-07-25 07:36 - 2012-12-20 11:46 - 03376640 _____ C:\Windows\System32\BootMan.exe
2016-07-25 07:36 - 2012-05-15 08:13 - 03316736 _____ C:\Windows\System32\¸´¼þ BootMan.exe
2016-07-25 07:36 - 2011-07-29 10:54 - 00019840 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2016-07-25 07:36 - 2011-07-29 10:54 - 00016256 _____ C:\Windows\System32\EuEpmGdi.dll
2016-07-25 06:14 - 2016-07-25 06:14 - 00000000 ____D C:\Users\pedro\Documents\Plantillas personalizadas de Office
2016-07-24 21:55 - 2016-08-12 06:14 - 00000000 ___RD C:\Users\pedro\Google Drive
2016-07-24 21:55 - 2016-07-24 21:55 - 00001661 _____ C:\Users\pedro\Desktop\Google Drive.lnk
2016-07-24 21:47 - 2016-07-24 21:47 - 00987728 _____ (Google Inc.) C:\Users\pedro\Downloads\googledrivesync.exe
2016-07-24 21:29 - 2016-07-24 21:29 - 00000000 ____D C:\Users\pedro\AppData\Local\WindowsUpdate
2016-07-24 21:22 - 2007-08-09 11:39 - 00494657 _____ () C:\Program Files (x86)\APFill.exe
2016-07-24 21:15 - 2016-07-24 21:45 - 00046635 _____ C:\Users\pedro\Downloads\18JULIOnuevo costeo en indigo.xlsx
2016-07-24 20:53 - 2016-07-24 20:53 - 00002972 _____ C:\Users\pedro\Desktop\cc_20160724_020428d.reg
2016-07-24 20:39 - 2016-07-24 20:39 - 00000004 _____ C:\Users\pedro\AppData\Local\.JixiData.dat
2016-07-24 20:21 - 2016-07-24 20:21 - 00000000 ____D C:\Users\pedro\Downloads\JixiPix Artista Impresso Pro 1.5.5 + Crack (x86x64) - softasm.com
2016-07-24 20:17 - 2016-07-24 20:19 - 94466195 _____ C:\Users\pedro\Downloads\JixiPix Artista Impresso Pro 1.5.5 + Crack (x86x64) - softasm.com.rar
2016-07-24 15:06 - 2016-07-24 20:39 - 00000000 ____D C:\Users\pedro\AppData\Roaming\JixiPixCommon
2016-07-24 15:06 - 2016-07-24 20:39 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Impresso Pro
2016-07-24 13:37 - 2016-07-24 20:28 - 00000000 ____D C:\Program Files\uninst
2016-07-24 13:37 - 2016-07-24 20:28 - 00000000 ____D C:\Program Files\JixiPix Software
2016-07-24 13:37 - 2016-07-24 20:28 - 00000000 ____D C:\Program Files (x86)\JixiPix Software
2016-07-24 13:16 - 2016-07-24 13:21 - 00000000 ____D C:\Users\pedro\Desktop\Ultimate Adobe Photoshop Plug-ins Bundle 2016.03 [SadeemPC]
2016-07-24 00:08 - 2016-07-24 00:08 - 533806361 _____ C:\Users\pedro\Downloads\x64.zip
2016-07-23 23:36 - 2016-08-10 06:05 - 00000010 _____ C:\Users\pedro\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2016-07-23 23:36 - 2016-08-10 06:05 - 00000010 _____ C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2016-07-23 23:36 - 2016-07-23 23:36 - 00000043 _____ C:\ProgramData\.ST160
2016-07-23 23:35 - 2016-07-24 13:38 - 00000000 ____D C:\Users\pedro\AppData\Local\Extensis
2016-07-23 23:35 - 2016-07-23 23:35 - 00000000 ____D C:\ProgramData\Extensis
2016-07-23 23:35 - 2016-07-23 23:35 - 00000000 ____D C:\Program Files (x86)\Extensis
2016-07-23 23:35 - 2016-07-23 23:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-23 23:26 - 2016-07-23 23:27 - 01503484 _____ C:\Users\pedro\Downloads\CAIC141118118664.rar
2016-07-23 23:26 - 2016-07-23 23:26 - 01511164 _____ C:\Users\pedro\Downloads\CAIC2015211921328664.rar
2016-07-23 23:18 - 2016-07-23 23:18 - 00000000 ____D C:\ProgramData\ALM
2016-07-23 23:04 - 2016-07-23 23:04 - 00000544 _____ C:\Users\pedro\Desktop\cc_20160724_020428c.reg
2016-07-23 22:47 - 2016-07-23 22:48 - 50788940 _____ C:\Users\pedro\Downloads\UP15 (1).rar
2016-07-23 22:45 - 2016-07-23 22:46 - 50788940 _____ C:\Users\pedro\Downloads\UP15.rar
2016-07-23 22:38 - 2016-07-23 22:38 - 00019720 _____ C:\Users\pedro\Desktop\cc_20160724_013754B.reg
2016-07-23 21:54 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2016-07-23 21:54 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2016-07-23 21:54 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-23 21:54 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2016-07-23 21:54 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2016-07-23 21:54 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2016-07-23 21:54 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-23 21:54 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2016-07-23 21:54 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2016-07-23 21:54 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-23 21:54 - 2014-05-14 06:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2016-07-23 21:54 - 2014-05-14 06:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-23 21:54 - 2014-05-14 06:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2016-07-23 21:54 - 2014-05-14 06:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-23 21:27 - 2016-07-23 21:27 - 00000000 ____D C:\Program Files (x86)\gs
2016-07-23 21:25 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2016-07-23 21:25 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2016-07-23 21:24 - 2016-07-25 18:42 - 00000000 ____D C:\ProgramData\Corel
2016-07-23 21:21 - 2016-08-10 00:25 - 01032240 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-23 20:51 - 2016-07-25 23:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-07-23 20:51 - 2016-07-23 20:51 - 00000000 ____D C:\Windows\PCHEALTH
2016-07-23 20:51 - 2016-07-23 20:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-23 20:50 - 2016-07-23 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-23 20:50 - 2016-07-23 20:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-07-23 20:50 - 2016-07-23 20:50 - 00000000 ____D C:\Users\pedro\AppData\Local\Microsoft Help
2016-07-23 20:50 - 2016-07-23 20:50 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-23 20:50 - 2016-07-23 20:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-07-23 20:48 - 2016-07-23 20:48 - 00000000 __RHD C:\MSOCache
2016-07-23 20:38 - 2016-08-10 00:44 - 00000034 _____ C:\Users\pedro\AppData\Roaming\AdobeWLCMCache.dat
2016-07-23 20:38 - 2016-07-23 20:38 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-pedro_laptop-pedro
2016-07-23 20:30 - 2016-08-11 05:26 - 00000000 ____D C:\Program Files\Adobe
2016-07-23 20:30 - 2016-07-29 21:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-23 20:29 - 2016-08-11 05:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-23 20:28 - 2016-07-23 20:28 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Macromedia
2016-07-23 19:52 - 2016-07-23 19:52 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Enfocus Prefs Folder
2016-07-23 19:46 - 2016-07-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet
2016-07-23 19:46 - 2016-07-23 19:51 - 00000000 ____D C:\ProgramData\Enfocus
2016-07-23 19:46 - 2016-07-23 19:51 - 00000000 ____D C:\Program Files (x86)\Enfocus
2016-07-23 19:37 - 2016-07-23 19:37 - 00000000 ____D C:\Program Files (x86)\SafeNet Sentinel
2016-07-23 19:31 - 2016-07-23 19:31 - 00000000 ____D C:\ProgramData\Acrobat678_plugins
2016-07-23 18:53 - 2016-07-23 18:53 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-07-23 18:34 - 2016-07-23 18:34 - 00060288 _____ C:\Users\hdservice\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-23 18:34 - 2016-07-23 18:34 - 00000000 ____D C:\Users\hdservice\AppData\Roaming\Intel Corporation
2016-07-23 18:34 - 2016-07-23 18:34 - 00000000 ____D C:\Users\hdservice\AppData\Local\VirtualStore
2016-07-23 18:34 - 2016-07-23 18:34 - 00000000 ____D C:\Users\hdservice\AppData\Local\Google
2016-07-23 18:34 - 2016-07-23 18:34 - 00000000 ____D C:\Users\hdservice\AppData\Local\Adobe
2016-07-23 18:33 - 2016-07-23 18:34 - 00000000 ____D C:\users\hdservice
2016-07-23 18:33 - 2016-07-23 18:33 - 00000020 ___SH C:\Users\hdservice\ntuser.ini
2016-07-23 18:33 - 2016-07-23 18:33 - 00000000 _SHDL C:\Users\hdservice\My Documents
2016-07-23 18:33 - 2016-07-23 18:33 - 00000000 _SHDL C:\Users\hdservice\Documents\My Videos
2016-07-23 18:33 - 2016-07-23 18:33 - 00000000 _SHDL C:\Users\hdservice\Documents\My Pictures
2016-07-23 18:33 - 2016-07-23 18:33 - 00000000 _SHDL C:\Users\hdservice\Documents\My Music
2016-07-23 18:33 - 2011-04-12 00:28 - 00000000 ____D C:\Users\hdservice\AppData\Roaming\Media Center Programs
2016-07-23 18:08 - 2016-07-23 18:08 - 00000000 ____D C:\Common Services
2016-07-23 18:07 - 2016-07-23 18:23 - 00000000 ____D C:\HD_Service
2016-07-23 18:07 - 2016-07-23 18:07 - 00000000 ____D C:\HD_Temp
2016-07-23 18:03 - 2016-07-23 18:03 - 00005564 _____ C:\Users\pedro\Desktop\cc_20160723_210326A.reg
2016-07-23 18:02 - 2016-07-23 18:02 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-23 18:01 - 2016-07-23 18:01 - 00000000 ____D C:\Program Files\CCleaner
2016-07-23 17:57 - 2016-07-23 17:57 - 00003276 _____ C:\Windows\System32\Tasks\{26C59589-3798-4FFE-AE0A-F76CA7C9541F}
2016-07-23 17:36 - 2016-07-23 18:08 - 00000000 ____D C:\Program Files (x86)\Heidelberg
2016-07-23 17:35 - 2016-07-23 18:04 - 00000000 ____D C:\Windows\Downloaded Installations
2016-07-23 17:33 - 2016-07-25 23:18 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2016-07-23 17:33 - 2016-07-23 19:39 - 00000000 ____D C:\ProgramData\Heidelberg
2016-07-23 17:32 - 2016-07-23 19:31 - 00000000 ____D C:\Users\Public\Documents\Heidelberg
2016-07-23 17:19 - 2016-07-23 19:54 - 00000000 ____D C:\Users\pedro\AppData\LocalLow\Adobe
2016-07-23 17:14 - 2016-08-11 05:49 - 00000000 ____D C:\Users\pedro\AppData\Local\Adobe
2016-07-23 17:14 - 2016-08-11 05:45 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Adobe
2016-07-23 17:14 - 2016-08-11 05:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-23 17:13 - 2016-08-11 05:22 - 00000000 ____D C:\ProgramData\Adobe
2016-07-23 17:13 - 2016-08-11 05:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-23 16:41 - 2016-07-23 16:41 - 00000000 ____D C:\Program Files (x86)\PowerISO
2016-07-23 16:41 - 2011-11-14 19:50 - 00125376 _____ (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2016-07-23 16:28 - 2016-08-12 06:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 16:28 - 2016-08-11 05:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-23 16:28 - 2016-07-29 17:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-23 16:28 - 2016-07-29 17:39 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-23 16:28 - 2016-07-24 21:48 - 00000000 ____D C:\Users\pedro\AppData\Local\Google
2016-07-23 16:28 - 2016-07-24 21:48 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-23 16:28 - 2016-07-23 16:28 - 00000000 ____D C:\Users\pedro\AppData\Local\Deployment
2016-07-23 16:28 - 2016-07-23 16:28 - 00000000 ____D C:\Users\pedro\AppData\Local\Apps\2.0
2016-07-23 16:21 - 2016-07-23 16:21 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Intel Corporation
2016-07-23 16:14 - 2016-07-23 16:14 - 00000000 ____D C:\ProgramData\Intel
2016-07-23 16:14 - 2011-12-16 07:40 - 00015128 _____ C:\Windows\System32\Drivers\IntelMEFWVer.dll
2016-07-23 16:14 - 2011-12-06 12:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-07-23 16:13 - 2016-08-10 00:34 - 00000000 ____D C:\Program Files\Intel
2016-07-23 16:13 - 2016-07-23 16:13 - 00000000 ____D C:\SP56158
2016-07-23 16:12 - 2016-07-23 16:12 - 00000000 ____D C:\SP56163
2016-07-23 16:11 - 2016-07-23 16:11 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2016-07-23 16:11 - 2016-07-23 16:11 - 00000000 ____D C:\SP56164
2016-07-23 16:11 - 2011-12-04 23:12 - 00041984 _____ (Intel Corporation) C:\Windows\System32\Drivers\USB3Ver.dll
2016-07-23 16:10 - 2016-07-23 16:10 - 00000000 ____D C:\SP56167
2016-07-23 16:10 - 2016-07-23 16:10 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-07-23 16:10 - 2011-08-23 18:57 - 00565352 _____ (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2016-07-23 16:10 - 2011-08-23 18:57 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2016-07-23 16:10 - 2011-08-23 18:57 - 00074272 _____ C:\Windows\System32\RtNicProp64.dll
2016-07-23 04:07 - 2016-07-23 04:07 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
2016-07-23 04:06 - 2016-07-23 04:06 - 00000000 ____D C:\SP56403
2016-07-23 04:06 - 2016-07-23 04:06 - 00000000 ____D C:\Program Files\Validity Sensors
2016-07-23 04:02 - 2016-07-23 04:02 - 00018304 _____ C:\Windows\System32\results.xml
2016-07-23 04:00 - 2016-08-10 00:34 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-23 04:00 - 2016-07-23 04:00 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-07-23 03:59 - 2016-07-23 03:59 - 00000000 ____D C:\SP56808
2016-07-23 03:59 - 2016-07-23 03:59 - 00000000 ____D C:\Intel
2016-07-23 03:55 - 2016-07-23 03:55 - 00000000 ____D C:\ProgramData\Ralink Driver
2016-07-23 03:55 - 2012-04-12 16:45 - 01860672 _____ (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2016-07-23 03:55 - 2012-01-11 06:11 - 00327008 _____ (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2016-07-23 03:55 - 2012-01-11 06:11 - 00014119 _____ C:\Windows\System32\RaCoInst.dat
2016-07-23 03:52 - 2016-07-23 03:52 - 00000000 ____D C:\Windows\System32\SRSLabs
2016-07-23 03:52 - 2012-08-07 01:49 - 00042482 _____ C:\Windows\System32\Balen&Yeats_dv7.xml
2016-07-23 03:52 - 2012-07-23 23:59 - 07986176 _____ (IDT, Inc.) C:\Windows\System32\IDTNGUI.exe
2016-07-23 03:52 - 2012-07-23 23:59 - 07683584 _____ (IDT, Inc.) C:\Windows\System32\IDTNHP.dll
2016-07-23 03:52 - 2012-07-23 23:59 - 06085632 _____ (IDT, Inc.) C:\Windows\System32\stlang64.dll
2016-07-23 03:52 - 2012-07-23 23:59 - 02211840 _____ (IDT, Inc.) C:\Windows\System32\IDTNX.dll
2016-07-23 03:52 - 2012-07-23 23:59 - 01821184 _____ (IDT, Inc.) C:\Windows\System32\IDTNC64.cpl
2016-07-23 03:52 - 2012-07-23 23:59 - 01425408 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2016-07-23 03:52 - 2012-07-23 23:59 - 00252928 _____ (IDT, Inc.) C:\Windows\System32\IDTNJ.exe
2016-07-23 03:52 - 2012-07-23 23:59 - 00224256 _____ (IDT, Inc.) C:\Windows\System32\HPToneCtrls64.dll
2016-07-23 03:52 - 2011-05-17 14:25 - 00464384 _____ (SRS Labs, Inc.) C:\Windows\System32\slapoi64.dll
2016-07-23 03:51 - 2016-07-25 20:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-23 03:51 - 2016-07-23 03:52 - 00000000 ____D C:\Program Files\IDT
2016-07-23 03:51 - 2016-07-23 03:51 - 00000000 ____D C:\SP57966
2016-07-23 03:51 - 2012-07-23 23:59 - 01988096 _____ (IDT, Inc.) C:\Windows\System32\stapo64.dll
2016-07-23 03:51 - 2012-07-23 23:59 - 00656896 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2016-07-23 03:51 - 2012-07-23 23:59 - 00540160 _____ (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2016-07-23 03:51 - 2012-07-23 23:59 - 00450048 _____ (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2016-07-23 03:51 - 2012-07-23 23:59 - 00255488 _____ (IDT, Inc.) C:\Windows\System32\staco64.dll
2016-07-23 03:50 - 2016-07-23 16:14 - 00000000 ____D C:\SWSetup
2016-07-23 03:30 - 2016-08-11 05:45 - 00121944 _____ C:\Users\pedro\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-23 02:37 - 2016-08-10 21:21 - 00000000 ____D C:\users\pedro
2016-07-23 02:37 - 2016-07-23 02:37 - 00000020 ___SH C:\Users\pedro\ntuser.ini
2016-07-23 02:37 - 2016-07-23 02:37 - 00000000 _SHDL C:\Users\pedro\My Documents
2016-07-23 02:37 - 2016-07-23 02:37 - 00000000 _SHDL C:\Users\pedro\Documents\My Videos
2016-07-23 02:37 - 2016-07-23 02:37 - 00000000 _SHDL C:\Users\pedro\Documents\My Pictures
2016-07-23 02:37 - 2016-07-23 02:37 - 00000000 _SHDL C:\Users\pedro\Documents\My Music
2016-07-23 02:37 - 2016-07-23 02:37 - 00000000 ____D C:\Users\pedro\AppData\Local\VirtualStore
2016-07-23 02:37 - 2011-04-12 00:28 - 00000000 ____D C:\Users\pedro\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 06:20 - 2009-07-13 20:45 - 00031088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-12 06:20 - 2009-07-13 20:45 - 00031088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-12 06:17 - 2009-07-13 21:13 - 01018700 _____ C:\Windows\System32\PerfStringBackup.INI
2016-08-12 06:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-08-12 06:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-11 05:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-11 05:50 - 2009-07-13 20:45 - 05161640 _____ C:\Windows\System32\FNTCACHE.DAT
2016-08-11 05:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-10 21:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\GroupPolicy
2016-08-10 04:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-08-09 23:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2016-08-03 12:03 - 2016-05-20 10:19 - 00000000 ____D C:\Users\pedro\Desktop\artioscad 3d cajas
2016-07-26 00:33 - 2016-06-03 15:34 - 00007168 _____ C:\Users\pedro\Desktop\TRIANGULO.ARD
2016-07-25 23:18 - 2010-11-20 19:24 - 00001024 _____ C:\Windows\SysWOW64\ss9tx99.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00001024 _____ C:\Windows\SysWOW64\grcauth2.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00001024 _____ C:\Windows\SysWOW64\grcauth1.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00001024 _____ C:\Windows\SysWOW64\clauth2.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00001024 _____ C:\Windows\SysWOW64\clauth1.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00000218 _____ C:\Windows\SysWOW64\yn1li0q.tgz
2016-07-25 23:18 - 2010-11-20 19:24 - 00000204 _____ C:\Windows\SysWOW64\yn1li0q.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00000114 _____ C:\Windows\SysWOW64\prsgrc.tgz
2016-07-25 23:18 - 2010-11-20 19:24 - 00000100 _____ C:\Windows\SysWOW64\prsgrc.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00000086 _____ C:\Windows\SysWOW64\ssprs.tgz
2016-07-25 23:18 - 2010-11-20 19:24 - 00000072 _____ C:\Windows\SysWOW64\ssprs.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00000000 _____ C:\Windows\SysWOW64\serauth2.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00000000 _____ C:\Windows\SysWOW64\serauth1.dll
2016-07-25 23:18 - 2010-11-20 19:24 - 00000000 _____ C:\Windows\SysWOW64\nsprs.tgz
2016-07-25 23:18 - 2010-11-20 19:24 - 00000000 _____ C:\Windows\SysWOW64\nsprs.dll
2016-07-25 23:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2016-07-25 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2016-07-25 18:42 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-25 09:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-07-25 09:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2016-07-24 00:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-07-23 23:08 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-23 21:43 - 2016-06-09 08:07 - 00000000 ____D C:\Users\pedro\Desktop\corel8
2016-07-23 20:50 - 2011-04-12 00:28 - 00000000 ____D C:\Windows\ShellNew
2016-07-23 18:09 - 2015-08-23 21:01 - 00000000 ____D C:\Users\pedro\Documents\Downloaded Installations
2016-07-23 18:02 - 2014-02-22 00:29 - 00000000 ____D C:\Windows\Panther
2016-07-23 04:06 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2016-07-23 03:44 - 2016-04-23 20:53 - 00000738 _____ C:\Users\pedro\Desktop\HTTrack Website Copier.lnk
 
Files to move or delete:
====================
C:\ProgramData\mslpmad.exe
 
 
Some files in TEMP:
====================
C:\Users\pedro\AppData\Local\Temp\cdo2110928264.dll
C:\Users\pedro\AppData\Local\Temp\cdo2700755925.dll
C:\Users\pedro\AppData\Local\Temp\cdo4233143404.dll
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16261.19 MB
Available physical RAM: 15099.04 MB
Total Virtual: 16259.39 MB
Available Virtual: 15105.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:244.14 GB) (Free:136.1 GB) NTFS
Drive d: () (Fixed) (Total:372.76 GB) (Free:136.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (datos) (Fixed) (Total:119.11 GB) (Free:119.01 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:195.31 GB) (Free:158.15 GB) NTFS
Drive h: () (Removable) (Total:3.72 GB) (Free:0.56 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1E75F28A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=736 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2016-08-10 04:24
 
==================== End of FRST.txt ============================




#2 RayS

  • Malware Response Team

Posted 21 August 2016 - 12:17 AM

Hello Pedroa,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 RayS

  • Malware Response Team

Posted 21 August 2016 - 05:55 PM

Hello again pedroa,

While I analyze your very long FRST log, please answer these preliminary questions.

Please explain what you mean when you say, "...then a reset my laptop..." What did you do to "reset" your laptop? Give me a complete description of the steps you took.

I assume you are using a different computer for communication. Is that right? If you are using a second computer, please use the following instructions to immunize your USB thumb drives to avoid contaminating your clean computer with malware from your sick laptop.

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean working computer.
Note: The download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.
 

  • Insert your USB flash drive into your clean working computer.
  • Double-click USBVaccineSetup.exe to install the program.
  • Select your language. Read and accept the agreement to continue.
  • Choose whether to run the vaccinator at all times and/or for all newly inserted USB drives.
  • Click Next then Finish to complete the installation. The Panda Research USB Vaccine window will open.
  • Select your USB drive from the list. If it is not already vaccinated, click Vaccinate USB.
  • Note: Optionally you can click Vaccinate computer as well. That disables executable items from running automatically on your PC.
  • A message should appear that your USB drive was vaccinated. If not, please describe the error symptoms including verbatim copies of error messages and stop here.
  • Repeat these steps for all USB flash drives that will be used on the sick laptop.
  • Your USB flash drives must be immunized before we connect them to your infected computer.

Why do you think your laptop is infected with "01:6.17600.16385 rootkit"? Please provide a reference. Was this rootkit revealed in a Malwarebytes Anti-Malware (MBAM) scan? Please copy and paste the MBAM log into your reply.


In your next reply...
 

  • Describe what you did to "reset" your laptop.
  • On what date did you "reset" your computer?
  • On what date did you first suspect your computer was infected?
  • Confirm that you have immunized all your USB flash drives that will be used on the sick laptop.
  • Tell me why you suspect a rootkit.
  • Copy and paste the entire contents of the MBAM log into the body of your message.

Is your laptop still unbootable? Have you tried booting into Safe Mode?

Thank you,

Ray




#4 RayS

  • Malware Response Team

Posted 25 August 2016 - 08:49 PM

Hi pedroa

 

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours, I will assume you have abandoned the Topic and it will be closed.

Ray




#5 thcbytes

  • Malware Response Team

Posted 28 August 2016 - 08:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



