Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can access to internet in safe mode only, ESET products cant be installed ,


  • This topic is locked This topic is locked
58 replies to this topic

#1 NoMansSky

NoMansSky

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 24 May 2017 - 12:59 AM

Hi , im here in safe mode right now cuz its the only way i can use internet, programs like steam and battle.net troubleshoot, ESET found 6 viruses but they tricked me so i rebooted the pc before the cleaning , the next i know , its that my pc its in perfect conditions , no malware, no virus , but obviously something its not right , i ve recieved warnings by Panda about Smart ARP Attacks, alot of them , that was before trying to clean with ESET online scanner , now that they both became zombies i just uninstalled them , now every antivirus says that everything is alright.but Rkill cant be activated , and ESET NOD32 says that cant be installed cuz NOD cant resist the attack of the threads in my computer , and thats all.

 

Oh i forgot to mention, i searched for something weird in my firewall , cuz it showed that remote asistance had permission to pass through, that was weird so i kept looking , and 3 programs were duplicated , i mean there was 2 Dota2 apps that had permission to pierce the firewall , and so on, that was very weird so i unchecked all the duplicated programs

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by XTECH (administrator) on XTECH-PC (24-05-2017 01:21:25)
Running from C:\Users\XTECH\Downloads
Loaded Profiles: XTECH (Available Profiles: XTECH)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-19] => http=127.0.0.1:0
ProxyServer: [S-1-5-20] => http=127.0.0.1:0
Tcpip\Parameters: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{18ACBEEB-9DEF-4549-A5E8-971A965A9D89}: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{9495AE0A-820D-427A-8527-1A343B416B39}: [NameServer] 200.35.65.3 200.35.65.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {8851D12B-0268-48BE-9D62-A6F96086ECED} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\XTECH\AppData\Roaming\Mozilla\Firefox\Profiles\3961i3t3.default [2017-05-24]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3961i3t3.default -> 
FF NetworkProxy: Mozilla\Firefox\Profiles\3961i3t3.default -> type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-23] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1179365018-2919913279-3888768026-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-05]
CHR Extension: (Google Drive) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-05]
CHR Extension: (YouTube) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-05]
CHR Extension: (Ebates Cash Back) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-05-10]
CHR Extension: (Panda Safe Web) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-05-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-27] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-26] (EasyAntiCheat Ltd)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
S2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-09-20] () [File not signed]
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-26] (Huawei Technologies Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-13] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2010-02-01] (ZTE Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-23] (Malwarebytes)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
S3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
U1 aswbdisk; no ImagePath
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-24 01:21 - 2017-05-24 01:22 - 00013874 _____ C:\Users\XTECH\Downloads\FRST.txt
2017-05-24 01:19 - 2017-05-24 01:21 - 00000000 ____D C:\FRST
2017-05-24 01:19 - 2017-05-24 01:19 - 00001398 _____ C:\Users\XTECH\Desktop\FRST64 - Acceso directo.lnk
2017-05-24 01:18 - 2017-05-24 01:18 - 02429952 _____ (Farbar) C:\Users\XTECH\Downloads\FRST64.exe
2017-05-24 00:02 - 2017-05-24 00:18 - 120832640 _____ (ESET) C:\Users\XTECH\Downloads\eis_nt64_esl.exe
2017-05-23 22:53 - 2017-05-23 22:57 - 11646112 _____ (ESET) C:\Users\XTECH\Downloads\avremover_nt64_enu.exe
2017-05-23 21:20 - 2017-05-23 22:37 - 111632512 _____ (ESET) C:\Users\XTECH\Downloads\eav_nt64_esl.exe
2017-05-23 20:50 - 2017-05-23 20:50 - 00065022 _____ C:\Windows\ntbtlog.txt
2017-05-23 19:23 - 2017-05-23 19:24 - 01305367 _____ C:\Users\XTECH\Downloads\Autoruns.zip
2017-05-23 19:16 - 2017-05-24 01:17 - 00000002 _____ C:\Users\XTECH\Desktop\Rkill.txt
2017-05-23 19:15 - 2017-05-23 19:15 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-23 19:15 - 2017-05-23 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-23 19:14 - 2017-05-23 19:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\XTECH\Downloads\iExplore.exe
2017-05-23 18:38 - 2017-05-23 20:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 18:38 - 2017-05-23 18:38 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-23 18:38 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-23 18:04 - 2017-05-23 18:09 - 09551280 _____ (Piriform Ltd) C:\Users\XTECH\Downloads\ccsetup530.exe
2017-05-23 18:01 - 2017-05-23 18:08 - 63035592 _____ (Malwarebytes ) C:\Users\XTECH\Downloads\mb3-setup-35891.35891-3.1.2.1733.exe
2017-05-23 17:29 - 2017-05-23 17:29 - 00801087 _____ C:\Users\XTECH\Downloads\GmerARK.zip
2017-05-23 15:50 - 2017-05-23 15:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-23 01:58 - 2017-05-23 01:58 - 00004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-22 23:57 - 2017-05-22 23:57 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1495511831
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone 3 Browser.lnk
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 3 Browser.lnk
2017-05-22 23:55 - 2017-05-22 23:55 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6E62.tmp
2017-05-22 22:16 - 2017-05-22 22:17 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\asw75E9.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6EFF.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\asw73B5.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7414.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw6942.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw67AA.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw6876.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw72F8.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7038.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7357.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw69EE.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7299.tmp
2017-05-22 22:03 - 2017-05-22 23:55 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-22 21:38 - 2017-05-22 21:38 - 06654960 _____ (AVAST Software) C:\Users\XTECH\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-05-22 09:02 - 2017-05-22 09:02 - 00000000 ____D C:\Program Files\ESET
2017-05-14 15:09 - 2017-05-14 15:09 - 00118748 _____ C:\Users\XTECH\Desktop\HORARIO JOSE ANDRES GUEDEZ 1 SEMESTRE.pdf
2017-05-10 00:47 - 2017-05-10 00:47 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-05-09 21:30 - 2017-05-09 21:30 - 00000000 ____D C:\ProgramData\CheckPoint
2017-05-09 10:19 - 2017-05-09 10:22 - 00414262 _____ C:\TDSSKiller.3.1.0.12_09.05.2017_10.19.07_log.txt
2017-05-08 08:32 - 2017-05-23 20:29 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-05-08 08:32 - 2017-05-08 08:32 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2017-05-08 08:31 - 2017-05-23 15:21 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2017-05-08 08:31 - 2017-05-22 21:55 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-05-08 08:31 - 2017-05-08 08:31 - 00000000 ____D C:\Users\XTECH\AppData\LocalLow\pandasecuritytb
2017-05-08 08:14 - 2017-05-22 21:20 - 00000000 ____D C:\ProgramData\Panda Security
2017-05-07 19:17 - 2017-05-07 19:20 - 00198198 _____ C:\TDSSKiller.3.1.0.12_07.05.2017_19.17.12_log.txt
2017-04-30 16:16 - 2017-04-30 16:20 - 00197456 _____ C:\TDSSKiller.3.1.0.12_30.04.2017_16.16.08_log.txt
2017-04-29 13:30 - 2017-04-29 13:30 - 00000108 _____ C:\Users\XTECH\Desktop\tete.cs
2017-04-29 12:35 - 2017-04-29 13:26 - 00197792 _____ C:\TDSSKiller.3.1.0.12_29.04.2017_12.35.31_log.txt
2017-04-28 08:28 - 2017-04-28 08:56 - 00197310 _____ C:\TDSSKiller.3.1.0.12_28.04.2017_08.28.50_log.txt
2017-04-24 12:38 - 2017-04-24 12:38 - 00000222 _____ C:\Users\XTECH\Desktop\Paladins.url
2017-04-24 04:44 - 2017-04-24 04:44 - 00000222 _____ C:\Users\XTECH\Desktop\Fuse.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 23:18 - 2017-02-17 09:16 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-23 20:46 - 2013-07-11 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-23 20:46 - 2009-07-13 22:34 - 00000493 _____ C:\Windows\win.ini
2017-05-23 20:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-23 19:59 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-23 19:59 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-23 19:49 - 2013-12-06 00:09 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-23 19:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-23 19:48 - 2009-07-14 00:45 - 05060952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-23 19:15 - 2014-03-11 11:10 - 00000000 ____D C:\Program Files\CCleaner
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\Program Files\Autodesk
2017-05-23 18:38 - 2017-02-16 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 18:38 - 2016-04-09 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2017-05-23 18:29 - 2013-05-13 19:24 - 00000000 ____D C:\Program Files\Adobe
2017-05-23 18:29 - 2013-05-13 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-23 18:18 - 2013-02-18 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-23 15:21 - 2017-03-15 15:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-23 15:21 - 2016-07-10 08:11 - 00000000 ____D C:\ProgramData\Skype
2017-05-23 15:21 - 2016-06-05 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 15:21 - 2014-09-16 02:45 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-05-23 15:21 - 2014-05-06 00:18 - 00000000 ____D C:\ProgramData\Tablet
2017-05-23 15:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-05-23 02:05 - 2016-06-05 10:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 02:05 - 2016-06-05 10:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 01:58 - 2013-06-09 03:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-23 01:58 - 2013-06-09 03:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-23 01:58 - 2013-06-09 03:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-23 01:58 - 2013-05-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-22 22:17 - 2016-04-08 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-22 18:43 - 2016-11-25 18:43 - 00000000 ____D C:\Users\XTECH\Desktop\Referencias
2017-05-20 22:17 - 2014-02-17 15:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-20 20:09 - 2017-02-15 05:04 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-05-20 10:55 - 2016-06-07 11:25 - 00000000 ____D C:\ProgramData\Unity
2017-05-11 21:01 - 2016-06-05 10:09 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 21:01 - 2016-06-05 10:09 - 00002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-09 23:15 - 2011-04-12 05:10 - 00751372 _____ C:\Windows\system32\perfh00A.dat
2017-05-09 23:15 - 2011-04-12 05:10 - 00160414 _____ C:\Windows\system32\perfc00A.dat
2017-05-09 23:15 - 2009-07-14 01:13 - 01687360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-09 10:11 - 2009-07-14 01:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-07 19:36 - 2014-02-18 12:57 - 00000000 ____D C:\AdwCleaner
2017-04-26 13:25 - 2017-03-10 06:03 - 00382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-04-25 03:26 - 2014-08-03 02:29 - 00000000 ____D C:\Users\XTECH\Desktop\Modelos
 
==================== Files in the root of some directories =======
 
2013-12-12 22:38 - 2014-01-31 00:09 - 0000000 _____ () C:\Users\XTECH\AppData\Roaming\bitlord_log.txt
2013-06-28 15:11 - 2014-11-08 23:14 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2013-06-28 16:11 - 2017-05-03 12:05 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2014-02-02 12:13 - 2016-04-10 22:09 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato Targa de Adobe CS6
2013-05-09 07:33 - 2013-07-12 08:03 - 0045270 _____ () C:\Users\XTECH\AppData\Roaming\room_v3.dat
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-11-24 01:14 - 2016-11-24 01:14 - 308516124 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload
2016-11-24 01:14 - 2016-11-24 01:14 - 0003455 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload.aamd
2014-12-14 04:16 - 2015-08-08 00:17 - 0001456 _____ () C:\Users\XTECH\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2017-02-07 10:18 - 2017-02-07 10:18 - 0000063 _____ () C:\Users\XTECH\AppData\Local\emaildefaults
2017-02-07 10:28 - 2017-02-07 10:28 - 0000420 _____ () C:\Users\XTECH\AppData\Local\karboncalligraphyrc
2017-02-07 10:17 - 2017-02-07 10:39 - 0015535 _____ () C:\Users\XTECH\AppData\Local\kritarc
2014-01-31 02:36 - 2014-01-31 02:36 - 0000218 _____ () C:\Users\XTECH\AppData\Local\recently-used.xbel
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
2014-03-07 12:28 - 2014-03-07 12:28 - 0004919 _____ () C:\ProgramData\rznaopga.sea
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 00:45
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by XTECH (administrator) on XTECH-PC (24-05-2017 01:21:25)
Running from C:\Users\XTECH\Downloads
Loaded Profiles: XTECH (Available Profiles: XTECH)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-19] => http=127.0.0.1:0
ProxyServer: [S-1-5-20] => http=127.0.0.1:0
Tcpip\Parameters: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{18ACBEEB-9DEF-4549-A5E8-971A965A9D89}: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{9495AE0A-820D-427A-8527-1A343B416B39}: [NameServer] 200.35.65.3 200.35.65.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {8851D12B-0268-48BE-9D62-A6F96086ECED} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\XTECH\AppData\Roaming\Mozilla\Firefox\Profiles\3961i3t3.default [2017-05-24]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3961i3t3.default -> 
FF NetworkProxy: Mozilla\Firefox\Profiles\3961i3t3.default -> type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-23] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1179365018-2919913279-3888768026-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-05]
CHR Extension: (Google Drive) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-05]
CHR Extension: (YouTube) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-05]
CHR Extension: (Ebates Cash Back) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-05-10]
CHR Extension: (Panda Safe Web) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-05-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-27] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-26] (EasyAntiCheat Ltd)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
S2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-09-20] () [File not signed]
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-26] (Huawei Technologies Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-13] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2010-02-01] (ZTE Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-23] (Malwarebytes)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
S3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
U1 aswbdisk; no ImagePath
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-24 01:21 - 2017-05-24 01:22 - 00013874 _____ C:\Users\XTECH\Downloads\FRST.txt
2017-05-24 01:19 - 2017-05-24 01:21 - 00000000 ____D C:\FRST
2017-05-24 01:19 - 2017-05-24 01:19 - 00001398 _____ C:\Users\XTECH\Desktop\FRST64 - Acceso directo.lnk
2017-05-24 01:18 - 2017-05-24 01:18 - 02429952 _____ (Farbar) C:\Users\XTECH\Downloads\FRST64.exe
2017-05-24 00:02 - 2017-05-24 00:18 - 120832640 _____ (ESET) C:\Users\XTECH\Downloads\eis_nt64_esl.exe
2017-05-23 22:53 - 2017-05-23 22:57 - 11646112 _____ (ESET) C:\Users\XTECH\Downloads\avremover_nt64_enu.exe
2017-05-23 21:20 - 2017-05-23 22:37 - 111632512 _____ (ESET) C:\Users\XTECH\Downloads\eav_nt64_esl.exe
2017-05-23 20:50 - 2017-05-23 20:50 - 00065022 _____ C:\Windows\ntbtlog.txt
2017-05-23 19:23 - 2017-05-23 19:24 - 01305367 _____ C:\Users\XTECH\Downloads\Autoruns.zip
2017-05-23 19:16 - 2017-05-24 01:17 - 00000002 _____ C:\Users\XTECH\Desktop\Rkill.txt
2017-05-23 19:15 - 2017-05-23 19:15 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-23 19:15 - 2017-05-23 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-23 19:14 - 2017-05-23 19:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\XTECH\Downloads\iExplore.exe
2017-05-23 18:38 - 2017-05-23 20:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 18:38 - 2017-05-23 18:38 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-23 18:38 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-23 18:04 - 2017-05-23 18:09 - 09551280 _____ (Piriform Ltd) C:\Users\XTECH\Downloads\ccsetup530.exe
2017-05-23 18:01 - 2017-05-23 18:08 - 63035592 _____ (Malwarebytes ) C:\Users\XTECH\Downloads\mb3-setup-35891.35891-3.1.2.1733.exe
2017-05-23 17:29 - 2017-05-23 17:29 - 00801087 _____ C:\Users\XTECH\Downloads\GmerARK.zip
2017-05-23 15:50 - 2017-05-23 15:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-23 01:58 - 2017-05-23 01:58 - 00004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-22 23:57 - 2017-05-22 23:57 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1495511831
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone 3 Browser.lnk
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 3 Browser.lnk
2017-05-22 23:55 - 2017-05-22 23:55 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6E62.tmp
2017-05-22 22:16 - 2017-05-22 22:17 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\asw75E9.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6EFF.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\asw73B5.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7414.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw6942.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw67AA.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw6876.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw72F8.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7038.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7357.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw69EE.tmp
2017-05-22 22:16 - 2017-05-22 22:16 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7299.tmp
2017-05-22 22:03 - 2017-05-22 23:55 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-22 21:38 - 2017-05-22 21:38 - 06654960 _____ (AVAST Software) C:\Users\XTECH\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-05-22 09:02 - 2017-05-22 09:02 - 00000000 ____D C:\Program Files\ESET
2017-05-14 15:09 - 2017-05-14 15:09 - 00118748 _____ C:\Users\XTECH\Desktop\HORARIO JOSE ANDRES GUEDEZ 1 SEMESTRE.pdf
2017-05-10 00:47 - 2017-05-10 00:47 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-05-09 21:30 - 2017-05-09 21:30 - 00000000 ____D C:\ProgramData\CheckPoint
2017-05-09 10:19 - 2017-05-09 10:22 - 00414262 _____ C:\TDSSKiller.3.1.0.12_09.05.2017_10.19.07_log.txt
2017-05-08 08:32 - 2017-05-23 20:29 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-05-08 08:32 - 2017-05-08 08:32 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2017-05-08 08:31 - 2017-05-23 15:21 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2017-05-08 08:31 - 2017-05-22 21:55 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-05-08 08:31 - 2017-05-08 08:31 - 00000000 ____D C:\Users\XTECH\AppData\LocalLow\pandasecuritytb
2017-05-08 08:14 - 2017-05-22 21:20 - 00000000 ____D C:\ProgramData\Panda Security
2017-05-07 19:17 - 2017-05-07 19:20 - 00198198 _____ C:\TDSSKiller.3.1.0.12_07.05.2017_19.17.12_log.txt
2017-04-30 16:16 - 2017-04-30 16:20 - 00197456 _____ C:\TDSSKiller.3.1.0.12_30.04.2017_16.16.08_log.txt
2017-04-29 13:30 - 2017-04-29 13:30 - 00000108 _____ C:\Users\XTECH\Desktop\tete.cs
2017-04-29 12:35 - 2017-04-29 13:26 - 00197792 _____ C:\TDSSKiller.3.1.0.12_29.04.2017_12.35.31_log.txt
2017-04-28 08:28 - 2017-04-28 08:56 - 00197310 _____ C:\TDSSKiller.3.1.0.12_28.04.2017_08.28.50_log.txt
2017-04-24 12:38 - 2017-04-24 12:38 - 00000222 _____ C:\Users\XTECH\Desktop\Paladins.url
2017-04-24 04:44 - 2017-04-24 04:44 - 00000222 _____ C:\Users\XTECH\Desktop\Fuse.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 23:18 - 2017-02-17 09:16 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-23 20:46 - 2013-07-11 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-23 20:46 - 2009-07-13 22:34 - 00000493 _____ C:\Windows\win.ini
2017-05-23 20:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-23 19:59 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-23 19:59 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-23 19:49 - 2013-12-06 00:09 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-23 19:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-23 19:48 - 2009-07-14 00:45 - 05060952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-23 19:15 - 2014-03-11 11:10 - 00000000 ____D C:\Program Files\CCleaner
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\Program Files\Autodesk
2017-05-23 18:38 - 2017-02-16 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 18:38 - 2016-04-09 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2017-05-23 18:29 - 2013-05-13 19:24 - 00000000 ____D C:\Program Files\Adobe
2017-05-23 18:29 - 2013-05-13 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-23 18:18 - 2013-02-18 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-23 15:21 - 2017-03-15 15:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-23 15:21 - 2016-07-10 08:11 - 00000000 ____D C:\ProgramData\Skype
2017-05-23 15:21 - 2016-06-05 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 15:21 - 2014-09-16 02:45 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-05-23 15:21 - 2014-05-06 00:18 - 00000000 ____D C:\ProgramData\Tablet
2017-05-23 15:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-05-23 02:05 - 2016-06-05 10:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 02:05 - 2016-06-05 10:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 01:58 - 2013-06-09 03:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-23 01:58 - 2013-06-09 03:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-23 01:58 - 2013-06-09 03:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-23 01:58 - 2013-05-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-22 22:17 - 2016-04-08 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-22 18:43 - 2016-11-25 18:43 - 00000000 ____D C:\Users\XTECH\Desktop\Referencias
2017-05-20 22:17 - 2014-02-17 15:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-20 20:09 - 2017-02-15 05:04 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-05-20 10:55 - 2016-06-07 11:25 - 00000000 ____D C:\ProgramData\Unity
2017-05-11 21:01 - 2016-06-05 10:09 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 21:01 - 2016-06-05 10:09 - 00002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-09 23:15 - 2011-04-12 05:10 - 00751372 _____ C:\Windows\system32\perfh00A.dat
2017-05-09 23:15 - 2011-04-12 05:10 - 00160414 _____ C:\Windows\system32\perfc00A.dat
2017-05-09 23:15 - 2009-07-14 01:13 - 01687360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-09 10:11 - 2009-07-14 01:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-07 19:36 - 2014-02-18 12:57 - 00000000 ____D C:\AdwCleaner
2017-04-26 13:25 - 2017-03-10 06:03 - 00382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-04-25 03:26 - 2014-08-03 02:29 - 00000000 ____D C:\Users\XTECH\Desktop\Modelos
 
==================== Files in the root of some directories =======
 
2013-12-12 22:38 - 2014-01-31 00:09 - 0000000 _____ () C:\Users\XTECH\AppData\Roaming\bitlord_log.txt
2013-06-28 15:11 - 2014-11-08 23:14 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2013-06-28 16:11 - 2017-05-03 12:05 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2014-02-02 12:13 - 2016-04-10 22:09 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato Targa de Adobe CS6
2013-05-09 07:33 - 2013-07-12 08:03 - 0045270 _____ () C:\Users\XTECH\AppData\Roaming\room_v3.dat
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-11-24 01:14 - 2016-11-24 01:14 - 308516124 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload
2016-11-24 01:14 - 2016-11-24 01:14 - 0003455 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload.aamd
2014-12-14 04:16 - 2015-08-08 00:17 - 0001456 _____ () C:\Users\XTECH\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2017-02-07 10:18 - 2017-02-07 10:18 - 0000063 _____ () C:\Users\XTECH\AppData\Local\emaildefaults
2017-02-07 10:28 - 2017-02-07 10:28 - 0000420 _____ () C:\Users\XTECH\AppData\Local\karboncalligraphyrc
2017-02-07 10:17 - 2017-02-07 10:39 - 0015535 _____ () C:\Users\XTECH\AppData\Local\kritarc
2014-01-31 02:36 - 2014-01-31 02:36 - 0000218 _____ () C:\Users\XTECH\AppData\Local\recently-used.xbel
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
2014-03-07 12:28 - 2014-03-07 12:28 - 0004919 _____ () C:\ProgramData\rznaopga.sea
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 00:45
 
==================== End of FRST.txt ============================

 

 

 

I'll wait , thank you :)



BC AdBot (Login to Remove)

 


#2 NoMansSky

NoMansSky
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 27 May 2017 - 11:15 PM

excuse me but everything got worst/better , now i can get into the internet , and everything seems to be fine , but i was playing in bluestacks , and my computer made a sound like boop! , and then the desktop turned white and the cursor was moving by itself , in a very weird way , just vertical and returning to its original point , and moving vertical again and returning, but then it started to open files and the white started to flash and the cursor it just do not responsed



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 29 May 2017 - 01:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647493 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 NoMansSky

NoMansSky
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 30 May 2017 - 01:53 PM

the first that i said , and now i have no needing of be in safe mode everything just fixed very weird , and i downloaded windoes updates, looks like it has been desactivated since a long time , but it was by me i remember that xd
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by XTECH (administrator) on XTECH-PC (30-05-2017 13:47:47)
Running from C:\Users\XTECH\Downloads
Loaded Profiles: XTECH (Available Profiles: XTECH)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
(Hirez Studios, Inc.) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\Paladins.exe
(Coherent Labs) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\host\CoherentUI_Host.exe
(Coherent Labs) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\host\CoherentUI_Host.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-19] => http=127.0.0.1:0
ProxyServer: [S-1-5-20] => http=127.0.0.1:0
Tcpip\Parameters: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{18ACBEEB-9DEF-4549-A5E8-971A965A9D89}: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{9495AE0A-820D-427A-8527-1A343B416B39}: [NameServer] 200.35.65.3 200.35.65.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {8851D12B-0268-48BE-9D62-A6F96086ECED} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\XTECH\AppData\Roaming\Mozilla\Firefox\Profiles\3961i3t3.default [2017-05-30]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3961i3t3.default -> 
FF NetworkProxy: Mozilla\Firefox\Profiles\3961i3t3.default -> type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-23] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1179365018-2919913279-3888768026-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-05]
CHR Extension: (Google Drive) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-05]
CHR Extension: (YouTube) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-05]
CHR Extension: (Ebates Cash Back) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-05-10]
CHR Extension: (Panda Safe Web) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-05-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-27] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
R3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-26] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-05-26] (ESET)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-09-20] () [File not signed]
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-05-26] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77224 2017-03-09] (ESET)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-26] (Huawei Technologies Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-13] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2010-02-01] (ZTE Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-30] (Malwarebytes)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
U1 aswbdisk; no ImagePath
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
R3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-30 13:47 - 2017-05-30 13:47 - 00000000 ____D C:\Users\XTECH\Downloads\FRST-OlderVersion
2017-05-27 12:27 - 2017-05-27 14:00 - 325047840 _____ ( ) C:\Users\XTECH\Downloads\koplayer-1.4.1055.exe
2017-05-27 10:56 - 2017-05-27 10:55 - 00001636 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-05-27 10:55 - 2017-05-27 10:55 - 00001636 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-05-27 10:51 - 2017-05-27 10:56 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-05-27 10:51 - 2017-05-24 02:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-05-27 00:33 - 2017-05-27 01:14 - 339047640 _____ (BlueStack Systems Inc.) C:\Users\XTECH\Downloads\BlueStacks2_native_2474d1f84fbf2fcea1cb12819f7c1d44.exe
2017-05-26 22:21 - 2017-05-26 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-26 22:21 - 2017-05-26 22:21 - 00000000 ____D C:\ProgramData\ESET
2017-05-24 15:29 - 2017-05-24 16:34 - 101682212 _____ C:\Users\XTECH\Downloads\Sin confirmar 335213.crdownload
2017-05-24 12:33 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-24 12:33 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-24 12:33 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-24 12:33 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-24 12:33 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-24 12:33 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-24 12:33 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-24 12:33 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-24 12:33 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-24 12:33 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-24 12:33 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-24 12:33 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-24 12:33 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-24 12:33 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-24 12:33 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-24 12:33 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-24 12:33 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-24 12:33 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-24 12:33 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-24 12:33 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-24 12:33 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-24 12:33 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-24 12:33 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-24 12:33 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-24 12:33 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-24 12:33 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-24 12:33 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-24 12:33 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-24 12:33 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-24 12:33 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-24 12:33 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-24 12:33 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-24 12:33 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-24 12:33 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-24 12:33 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-24 12:33 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-24 12:33 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-24 12:33 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-24 12:33 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-24 12:33 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-24 12:33 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-24 12:33 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-24 12:33 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-24 12:33 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-24 12:33 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-24 12:33 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-24 12:33 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-24 12:33 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-24 12:33 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-24 12:33 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-24 12:33 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-24 12:33 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-24 12:33 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-24 12:33 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-24 12:33 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-24 12:33 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-24 12:33 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-24 12:33 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-24 12:33 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-24 12:33 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-24 12:33 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-24 12:33 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-24 12:33 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-24 12:33 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-24 12:33 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-24 12:33 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-24 12:33 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-24 12:33 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-24 12:33 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-24 12:33 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-24 12:33 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-24 12:33 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-24 12:33 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-24 12:33 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-24 12:33 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-24 12:33 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-24 12:33 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-24 12:33 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-24 12:33 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-24 12:33 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-24 12:33 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-24 12:33 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-24 12:33 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-24 12:33 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-24 12:33 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-24 12:33 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-24 12:33 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-24 12:33 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-24 12:33 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-24 12:33 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-24 12:33 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-24 12:33 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-24 12:33 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-24 12:33 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-24 12:33 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-24 12:33 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-24 12:33 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-24 12:33 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-24 12:33 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-24 12:33 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-24 12:33 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-24 12:33 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-24 12:33 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-24 12:33 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-24 12:33 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-24 12:33 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-24 12:33 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-24 12:33 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-24 12:33 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-24 12:33 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-24 12:33 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-24 12:33 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-24 12:33 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-24 12:33 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-24 12:33 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-24 12:33 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-24 12:33 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-24 12:33 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-24 12:33 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-24 12:33 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-24 12:33 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-24 12:33 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-24 12:33 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-24 12:33 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-24 12:33 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-24 12:33 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-24 12:33 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-24 12:33 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-24 12:33 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-24 12:33 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-24 12:33 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-24 12:33 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-24 12:33 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-24 12:33 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-24 12:33 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-24 12:33 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-24 12:33 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-24 12:33 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-24 12:33 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-24 12:33 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-24 12:33 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-24 12:33 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-24 12:33 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-24 12:33 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-24 12:33 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-24 12:33 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-24 12:33 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-24 12:33 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-24 12:33 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-24 12:33 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-24 12:33 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-05-24 12:33 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-05-24 12:33 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-24 12:33 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-24 12:33 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-24 12:33 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-05-24 12:33 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-05-24 12:33 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-24 12:33 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-24 12:33 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-24 12:33 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-24 12:33 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-24 12:33 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-05-24 12:33 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-24 12:33 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-24 12:33 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-24 12:33 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-24 12:33 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-05-24 12:33 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-24 12:33 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-24 12:33 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-24 12:33 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-24 12:33 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-24 12:33 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-24 12:33 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-24 12:33 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-24 12:33 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-24 12:33 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-05-24 12:11 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-24 12:11 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-24 12:11 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-24 12:11 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-24 01:34 - 2017-05-24 01:23 - 00047426 _____ C:\Users\XTECH\Desktop\Addition.txt
2017-05-24 01:23 - 2017-05-24 01:23 - 00047426 _____ C:\Users\XTECH\Downloads\Addition.txt
2017-05-24 01:21 - 2017-05-30 13:49 - 00017652 _____ C:\Users\XTECH\Downloads\FRST.txt
2017-05-24 01:19 - 2017-05-30 13:47 - 00000000 ____D C:\FRST
2017-05-24 01:19 - 2017-05-24 01:19 - 00001398 _____ C:\Users\XTECH\Desktop\FRST64 - Acceso directo.lnk
2017-05-24 01:18 - 2017-05-30 13:47 - 02429952 _____ (Farbar) C:\Users\XTECH\Downloads\FRST64.exe
2017-05-24 00:02 - 2017-05-24 00:18 - 120832640 _____ (ESET) C:\Users\XTECH\Downloads\eis_nt64_esl.exe
2017-05-23 22:53 - 2017-05-23 22:57 - 11646112 _____ (ESET) C:\Users\XTECH\Downloads\avremover_nt64_enu.exe
2017-05-23 21:20 - 2017-05-23 22:37 - 111632512 _____ (ESET) C:\Users\XTECH\Downloads\eav_nt64_esl.exe
2017-05-23 20:50 - 2017-05-29 06:17 - 00284222 _____ C:\Windows\ntbtlog.txt
2017-05-23 19:23 - 2017-05-23 19:24 - 01305367 _____ C:\Users\XTECH\Downloads\Autoruns.zip
2017-05-23 19:16 - 2017-05-28 00:06 - 00000002 _____ C:\Users\XTECH\Desktop\Rkill.txt
2017-05-23 19:15 - 2017-05-23 19:15 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-23 19:15 - 2017-05-23 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-23 19:14 - 2017-05-23 19:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\XTECH\Downloads\iExplore.exe
2017-05-23 18:38 - 2017-05-30 13:26 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 18:38 - 2017-05-23 18:38 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-23 18:38 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-23 18:04 - 2017-05-23 18:09 - 09551280 _____ (Piriform Ltd) C:\Users\XTECH\Downloads\ccsetup530.exe
2017-05-23 18:01 - 2017-05-23 18:08 - 63035592 _____ (Malwarebytes ) C:\Users\XTECH\Downloads\mb3-setup-35891.35891-3.1.2.1733.exe
2017-05-23 17:29 - 2017-05-23 17:29 - 00801087 _____ C:\Users\XTECH\Downloads\GmerARK.zip
2017-05-23 15:50 - 2017-05-23 15:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-23 01:58 - 2017-05-23 01:58 - 00004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-22 23:57 - 2017-05-22 23:57 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1495511831
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone 3 Browser.lnk
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 3 Browser.lnk
2017-05-22 21:38 - 2017-05-22 21:38 - 06654960 _____ (AVAST Software) C:\Users\XTECH\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-05-22 09:02 - 2017-05-22 09:02 - 00000000 ____D C:\Program Files\ESET
2017-05-14 15:09 - 2017-05-14 15:09 - 00118748 _____ C:\Users\XTECH\Desktop\HORARIO JOSE ANDRES GUEDEZ 1 SEMESTRE.pdf
2017-05-10 00:47 - 2017-05-10 00:47 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-05-09 21:30 - 2017-05-09 21:30 - 00000000 ____D C:\ProgramData\CheckPoint
2017-05-09 10:19 - 2017-05-09 10:22 - 00414262 _____ C:\TDSSKiller.3.1.0.12_09.05.2017_10.19.07_log.txt
2017-05-08 08:32 - 2017-05-29 23:45 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-05-08 08:32 - 2017-05-08 08:32 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2017-05-08 08:31 - 2017-05-27 10:49 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2017-05-08 08:31 - 2017-05-22 21:55 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-05-08 08:31 - 2017-05-08 08:31 - 00000000 ____D C:\Users\XTECH\AppData\LocalLow\pandasecuritytb
2017-05-08 08:14 - 2017-05-22 21:20 - 00000000 ____D C:\ProgramData\Panda Security
2017-05-07 19:17 - 2017-05-07 19:20 - 00198198 _____ C:\TDSSKiller.3.1.0.12_07.05.2017_19.17.12_log.txt
2017-04-30 16:16 - 2017-04-30 16:20 - 00197456 _____ C:\TDSSKiller.3.1.0.12_30.04.2017_16.16.08_log.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-30 13:47 - 2013-07-11 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-30 13:40 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-30 13:40 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-30 13:25 - 2013-12-06 00:09 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-30 13:25 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-30 13:25 - 2009-07-13 22:34 - 00000493 _____ C:\Windows\win.ini
2017-05-29 01:21 - 2016-11-25 18:43 - 00000000 ____D C:\Users\XTECH\Desktop\Referencias
2017-05-28 16:14 - 2014-02-17 15:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-28 12:58 - 2016-09-03 00:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-28 01:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-28 00:05 - 2013-05-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-27 20:09 - 2017-02-15 05:04 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-05-27 10:56 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-26 23:12 - 2017-03-09 21:55 - 00132848 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-05-26 15:08 - 2014-09-16 02:45 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-05-25 17:13 - 2013-05-09 07:00 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2017-05-24 20:44 - 2014-08-03 02:29 - 00000000 ____D C:\Users\XTECH\Desktop\Modelos
2017-05-24 18:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-24 15:04 - 2011-04-12 05:10 - 00751372 _____ C:\Windows\system32\perfh00A.dat
2017-05-24 15:04 - 2011-04-12 05:10 - 00160414 _____ C:\Windows\system32\perfc00A.dat
2017-05-24 15:04 - 2009-07-14 01:13 - 01687360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-24 14:55 - 2009-07-14 00:45 - 05060952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-24 14:52 - 2014-12-10 04:50 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-24 14:52 - 2014-05-06 14:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-24 14:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-24 14:40 - 2013-12-07 22:41 - 01661010 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-24 14:38 - 2013-08-29 22:17 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 14:37 - 2013-05-27 06:53 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-24 10:45 - 2017-02-17 09:16 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-24 10:45 - 2016-04-08 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-23 19:15 - 2014-03-11 11:10 - 00000000 ____D C:\Program Files\CCleaner
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\Program Files\Autodesk
2017-05-23 18:38 - 2017-02-16 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 18:38 - 2016-04-09 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2017-05-23 18:29 - 2013-05-13 19:24 - 00000000 ____D C:\Program Files\Adobe
2017-05-23 18:29 - 2013-05-13 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-23 18:18 - 2013-02-18 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-23 15:21 - 2017-03-15 15:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-23 15:21 - 2016-07-10 08:11 - 00000000 ____D C:\ProgramData\Skype
2017-05-23 15:21 - 2016-06-05 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 15:21 - 2014-05-06 00:18 - 00000000 ____D C:\ProgramData\Tablet
2017-05-23 15:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-05-23 02:05 - 2016-06-05 10:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 02:05 - 2016-06-05 10:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 01:58 - 2013-06-09 03:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-23 01:58 - 2013-06-09 03:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-23 01:58 - 2013-06-09 03:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-20 10:55 - 2016-06-07 11:25 - 00000000 ____D C:\ProgramData\Unity
2017-05-11 21:01 - 2016-06-05 10:09 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 21:01 - 2016-06-05 10:09 - 00002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-09 10:11 - 2009-07-14 01:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-07 19:36 - 2014-02-18 12:57 - 00000000 ____D C:\AdwCleaner
 
==================== Files in the root of some directories =======
 
2013-12-12 22:38 - 2014-01-31 00:09 - 0000000 _____ () C:\Users\XTECH\AppData\Roaming\bitlord_log.txt
2013-06-28 15:11 - 2014-11-08 23:14 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2013-06-28 16:11 - 2017-05-29 01:21 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2014-02-02 12:13 - 2016-04-10 22:09 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato Targa de Adobe CS6
2013-05-09 07:33 - 2013-07-12 08:03 - 0045270 _____ () C:\Users\XTECH\AppData\Roaming\room_v3.dat
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-11-24 01:14 - 2016-11-24 01:14 - 308516124 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload
2016-11-24 01:14 - 2016-11-24 01:14 - 0003455 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload.aamd
2014-12-14 04:16 - 2015-08-08 00:17 - 0001456 _____ () C:\Users\XTECH\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2017-02-07 10:18 - 2017-02-07 10:18 - 0000063 _____ () C:\Users\XTECH\AppData\Local\emaildefaults
2017-02-07 10:28 - 2017-02-07 10:28 - 0000420 _____ () C:\Users\XTECH\AppData\Local\karboncalligraphyrc
2017-02-07 10:17 - 2017-02-07 10:39 - 0015535 _____ () C:\Users\XTECH\AppData\Local\kritarc
2014-01-31 02:36 - 2014-01-31 02:36 - 0000218 _____ () C:\Users\XTECH\AppData\Local\recently-used.xbel
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
2014-03-07 12:28 - 2014-03-07 12:28 - 0004919 _____ () C:\ProgramData\rznaopga.sea
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 00:45
 
==================== End of FRST.txt ============================


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:58 PM

Posted 04 June 2017 - 07:29 AM

Greetings NoMansSky.

Sorry for the delay in getting to your topic. Thank you for letting us know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:58 PM

Posted 04 June 2017 - 07:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:58 PM

Posted 08 June 2017 - 01:06 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 NoMansSky

NoMansSky
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 10 June 2017 - 10:13 AM

Thanks , here is the log: 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2017
Ran by XTECH (10-06-2017 11:11:18)
Running from C:\Users\XTECH\Downloads
Windows 7 Home Basic Service Pack 1 (X64) (2013-02-19 02:43:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1179365018-2919913279-3888768026-500 - Administrator - Disabled)
Invitado (S-1-5-21-1179365018-2919913279-3888768026-501 - Limited - Disabled)
XTECH (S-1-5-21-1179365018-2919913279-3888768026-1000 - Administrator - Enabled) => C:\Users\XTECH
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Alcatel USB Modem (HKLM-x32\...\{E8DCB416-E09E-4CA6-9F67-E1122AB82893}) (Version: 1.001.00025 - Alcatel)
AMD Catalyst Install Manager (HKLM\...\{CCE9E238-0912-1D72-C1AA-0CE3B30EA5E0}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed IV Black Flag (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C0ACIVBF}) (Version: 1.00.0000 - SuperCesar)
Autodesk 3ds Max 2012 64-bit - English (HKLM\...\Autodesk 3ds Max 2012 64-bit - English) (Version: 14.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0 - Autodesk) Hidden
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk)
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.1 - BitRaider, LLC)
Blender (HKLM\...\Blender) (Version: 2.67 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
DC Universe Online Live (HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\DG0-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Epic Games Launcher (HKLM-x32\...\{56C7F9B4-77A1-48C3-AE0A-E402992F1F9B}) (Version: 1.1.94.0 - Epic Games, Inc.)
ESET NOD32 Antivirus (HKLM\...\{082B2D27-CEE7-4086-BEA9-24EB18551BA3}) (Version: 10.1.204.1 - ESET, spol. s r.o.)
Faeria (HKLM\...\Steam App 397060) (Version:  - Abrakam SA)
Fuse (HKLM\...\Steam App 257400) (Version:  - Mixamo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.8.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HUAWEI DataCard Driver 4.25.13.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.25.13.00 - Huawei technologies Co., Ltd.)
HydraVision (x32 Version: 4.2.216.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{DCB03D7C-302D-4B97-B245-8587B6BE21E6}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Makehuman (HKLM-x32\...\Makehuman) (Version:  - )
Malwarebytes versión 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Rakion Latin (HKLM-x32\...\Rakion Latin_is1) (Version:  - Softnyx Co., Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tableta Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Trust tablet driver (HKLM\...\RmTablet) (Version: 5.00 - )
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS)
Vampire - The Masquerade - Bloodlines (HKLM-x32\...\1207659240_is1) (Version: 2.0.0.7 - GOG.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World Machine 2 Professional Edition (HKLM-x32\...\World Machine2Pro) (Version:  - )
xNormal 3.19.2 (HKLM\...\xNormal 3.19.2) (Version:  - S.Orgaz)
ZoneAlarm Firewall (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.37_TME - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {006A04DE-FA90-4CE7-AC98-3A33F5FEF4B4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {08C82C50-CCD1-4828-9532-6F153C553A3C} - \SafeZone scheduled Autoupdate 1487339738 -> No File <==== ATTENTION
Task: {2264AEB7-89B9-46E5-BCAF-A263BDFB13E9} - System32\Tasks\SafeZone scheduled Autoupdate 1495511831 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3C24544B-CFF5-4B8F-95B8-123028C8C29D} - \{477B883D-6B6A-4313-AFF9-0CDDFEA4755D} -> No File <==== ATTENTION
Task: {575B5CEE-802C-428A-B68D-E1C0BD3E33F5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {67607B88-A673-44C8-86F8-09E828BC9B0B} - \SafeZone scheduled Autoupdate 1483851649 -> No File <==== ATTENTION
Task: {69F2C2E3-67E9-4017-80C5-53AF4C57219D} - \{923203DE-C1CB-4A21-8372-3797BF8501D7} -> No File <==== ATTENTION
Task: {74099D49-1665-4BC7-93EC-B08786E2300D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8DCA6C17-79AB-4F04-A427-ACF4CFFC3EB9} - \{24EF0A60-8584-4444-88AA-99721E0A20DD} -> No File <==== ATTENTION
Task: {94DA3493-8029-494F-83B3-4370BBF85374} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {9BA9B2A1-1C6E-4A65-BC4B-79B07611145C} - \{AA144057-932B-454A-876B-32124E725539} -> No File <==== ATTENTION
Task: {A39CC9B0-2C0F-4529-AC0F-F6A742281E82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-23] (Adobe Systems Incorporated)
Task: {A44BC645-1275-474C-805E-3A2B86E107D0} - \{26020CD9-86B3-486E-AE55-5CC6E832F430} -> No File <==== ATTENTION
Task: {A93424AA-8E20-4791-9F8B-2770DEFAF3B4} - \AVG EUpdate Task -> No File <==== ATTENTION
Task: {AB009214-35CF-4B30-990E-9A024EB41164} - \{0A7CC92E-6616-4E39-9397-7915DB92F997} -> No File <==== ATTENTION
Task: {B4787CA1-8868-42C9-A2F3-E7509060820F} - \{1713EFA4-3D28-4049-89FA-A924470D4A51} -> No File <==== ATTENTION
Task: {BC4AC670-7E4E-4CCA-B449-84BC4FFC40C7} - \{60694184-C1CB-426D-BFAA-F300F21D1483} -> No File <==== ATTENTION
Task: {C5771145-4C68-4DED-85D3-6442C0DB4BAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C86B011A-D6CD-4B90-BD35-1D72DB737963} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CD91EF15-ADB1-49A8-B44A-09FC4A8019C3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {DCB615E9-004C-4161-AEC2-7E8AE802E9F0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FA6FAEA2-CE54-4DA2-92C8-4402EF16CAAB} - \{04CA712C-9414-4FBD-BCE2-0DD7519B6679} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\XTECH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\XTECH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-04 09:14 - 2013-12-04 09:14 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 09:14 - 2013-12-04 09:14 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 09:14 - 2013-12-04 09:14 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-05-06 00:18 - 2012-09-20 18:59 - 00581120 _____ () C:\Windows\system32\atwtusb.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-08-23 15:28 - 2013-12-04 12:35 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-05-11 21:01 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 21:01 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-24 17:10 - 2017-05-24 17:10 - 00169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e02990982d5c841556f4bc4041a38de0\IsdiInterop.ni.dll
2013-02-18 11:15 - 2010-11-06 00:20 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-18 11:16 - 2012-02-07 18:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-01 08:50 - 2017-05-16 21:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-08 07:09 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-08 07:09 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-08 07:09 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-17 03:21 - 2017-06-08 01:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 18:26 - 2017-06-08 01:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-08 07:09 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 19:06 - 2017-05-08 15:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 21:36 - 2017-05-16 21:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2013-07-03 15:53 - 2017-06-08 01:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-08 07:09 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [137]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48651689.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49774825.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48651689.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49774825.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-02-15 05:39 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XTECH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.109.78.12 - 200.44.32.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: mi-raysat_3dsmax2012_64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ISCTSystray.lnk => C:\Windows\pss\ISCTSystray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^XTECH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^StartUp^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Escritorio Movistar Latam => "C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\EMMSN.exe" -dock
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{951BA2F2-F1C4-4182-AE2B-453322B47F69}C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe] => (Block) C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe
FirewallRules: [UDP Query User{83A0AED5-0F6B-46C6-B842-B703E9B295A8}C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe] => (Block) C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe
FirewallRules: [{9842CFD9-9C1E-4B4C-927E-31B30E37E649}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F203B38F-62F9-40C8-9B8F-43833B2C39C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08D2E8C1-4133-48EE-BE58-7AC4B59467CC}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{77EDCCF9-DE94-4DF0-9F84-CBE0E6BCFEFF}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{82E3B920-DB24-4C8B-AF29-8D9EBB635167}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{50E581BF-0242-4623-9278-760F4D039D2E}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{366C2635-977E-4939-905B-47DED95197B0}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{6E8F8F7B-6A02-4AE9-8614-2C2E5F79D7E5}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{168D8656-59CF-4517-BB12-30C0978A2D76}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{BE93CFDE-DD1A-473E-A7C3-3ABB62F63219}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{5787759F-078D-49BB-B8AF-C88F3EE0FBEF}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{D7209B2D-5701-4E06-AD61-547CE782281F}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{4F5A446A-72E9-4489-AA7E-A77CFFAE6964}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{953FE861-4543-4C1B-ABBE-4597ACF4E5DC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F29E3FBD-ED23-4D47-8C07-B2F0903B5ED4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{EAD0A332-841C-49EC-AD7A-22B5A6B2BFFB}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0E0FA939-AFEB-4801-93C4-F914AE501165}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{7804DC01-EF5C-4127-BF4B-98498B2879E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{4399625C-77DB-4016-8EF1-5A76CCD69D29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F6A4F51D-3B4D-42A0-ABAC-685EC1E619BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{FDF3AD4A-5DC3-46D1-8D10-3C0712353AB9}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{90DF1198-3B72-4C39-873D-E2A9CB20557C}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{121CE8B8-1BD9-4448-9647-46C6AF788E8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8434B688-C95A-4B28-B2D7-8C63869510B6}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{E8A261A9-9BCF-4AF6-967B-5DB3981BB16B}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{B53597E3-ABA0-4BD8-AB01-0F1C49FA93FC}C:\program files\3d-coat-v4\3d-coatgl64s.exe] => (Block) C:\program files\3d-coat-v4\3d-coatgl64s.exe
FirewallRules: [UDP Query User{576B7E90-6DED-404C-9361-6CB9EDA728ED}C:\program files\3d-coat-v4\3d-coatgl64s.exe] => (Block) C:\program files\3d-coat-v4\3d-coatgl64s.exe
FirewallRules: [TCP Query User{21936D85-4369-4E63-8F70-4A186089C00A}C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{C53ED401-4DC2-478E-8365-36AE0F521912}C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{14F7E231-20FD-42EA-8575-D85E28296093}] => (Allow) C:\Users\XTECH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7045FEF7-77A2-4A10-A6E5-8439AB3F5A3C}] => (Allow) C:\Users\XTECH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F3AC654-AB36-47D7-ADAD-406600C11F83}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{2D0CBA67-3CDE-4DA2-AF14-0E74B270BD5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{CE78BA20-8D5D-40A7-AA68-1A10101DC181}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1AABBFE3-706F-4F8B-9173-E78057D47A0B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{86D56170-6C4B-4B8C-B466-F9DD03FC6F56}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{F225F558-03A3-418E-943C-B6D24A3040CA}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{1CAB033E-CAE2-4CA0-9F47-6E82E45BFAEC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{54F83681-28CB-4A39-A9EA-96D53335EBD4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{343435F1-FB59-4DA8-828E-A7FA1AF42F7A}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{8C58763B-C7CB-45D6-8041-5BD2A182E9FB}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{5A42126B-FA84-4589-BAF2-C57556634DCF}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{BFD11CBA-121B-49C6-AD82-577153A9868A}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{6B606717-AA05-430F-ACBE-C7E1DB169541}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{95AE0BB2-E12D-4019-B350-A671EC74D9B2}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{2437BC5A-40B1-4E47-812B-F3E4402BD044}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6F3B0684-E3F9-4E6D-87D1-2C52B27DA501}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{CA0DC17D-5B9B-4127-8B2E-EC2A9420B52E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{7F36C63E-B92E-4E41-AE86-02B34AA99995}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{3D7B90D0-4E04-439C-8530-20F0674D579A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{14A64C43-5700-4B2A-909C-A48DEFE27FCD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{7849225C-5EE3-4DC9-A8A5-E0EA44EE3C5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Faeria\Faeria.exe
FirewallRules: [{3EE3B4D5-B7E3-4CCD-8E1E-50141FE51C70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Faeria\Faeria.exe
FirewallRules: [{80EFCD01-AB26-425B-B863-0EE90C75110E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{968890E0-8627-4944-B28F-FFEFD8811ABB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{C296C0FE-29E3-4097-9865-6AE867BDBC16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{12251A6B-80EE-457C-9078-C17493069712}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{9A6940D9-017C-444C-80E0-69AD8FD6683D}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{704B8C33-5037-44D2-B344-D94701BDE632}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{D62EE8EA-08FC-4A4A-8F55-F71069E3A7E9}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{53CB5AD9-23BF-49AA-A37A-4C637A7C3C69}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{367CB140-83D5-476A-979C-FEFB5CA09038}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FCB60909-0C55-4449-96D8-75E615170B5A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{5DDE800C-D3A4-4079-AA5E-3556F1CC9966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A1405CE8-4311-46E2-801F-120F5C5F8949}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C208E5F-9F3B-4006-9D22-162D5ED07710}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E7D97C2F-0CCC-491E-BEC7-2D9EEB57DC7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{6C2ECA15-2963-4CC2-AE32-DFC9CCC896B7}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{08041888-AC38-4A0B-B824-22934FFB5C37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{084BE94E-6AE8-4709-A1CA-5C823C531FDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{9F40F234-696F-473E-B7FC-71DCAA2DBB51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{83D92099-28B2-411C-9A3D-D6DD73F349C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{978AE027-7957-41A0-8891-F3A14E14D855}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{1BD1532C-D460-4ECB-B8E2-73DC6F86910A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CD00826-8DA7-43AF-BDD7-1947AD4E508D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D58DB74E-5C52-48F8-9596-A25D523B15A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{ED1B0334-7985-4CDD-BFCD-E8256AC997CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{14FC9A2A-90CD-4A84-AA0F-335F022CFE91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{E903E552-3C6E-42D9-918D-1CFBC0957A12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{06193B79-36BF-4333-BE36-FEF4B1CEB6AA}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base53965\HeroesOfTheStorm_x64.exe
FirewallRules: [{0C77CA0C-8EF1-43B7-AF10-53CAD8AF5E19}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base53965\HeroesOfTheStorm_x64.exe
FirewallRules: [{06D903FD-0A5F-4299-A2D8-299F728BAD12}] => (Allow) C:\Users\XTECH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DF0CF190-3077-4299-AA08-E0077E28AFBA}] => (Allow) C:\Users\XTECH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{54D4A453-962E-4257-97D5-325E933FF742}C:\game\softnyxgame\rakionls\full_downloader.exe] => (Allow) C:\game\softnyxgame\rakionls\full_downloader.exe
FirewallRules: [UDP Query User{1075B56F-B3C0-4B5C-A95C-8496BD5FC21C}C:\game\softnyxgame\rakionls\full_downloader.exe] => (Allow) C:\game\softnyxgame\rakionls\full_downloader.exe
FirewallRules: [TCP Query User{1E65BE43-918A-4684-A349-079725EB8DE6}C:\game\softnyxgame\rakionls\bin\rakion.bin] => (Allow) C:\game\softnyxgame\rakionls\bin\rakion.bin
FirewallRules: [UDP Query User{BD85EEDB-EC5B-46B1-ACBD-45D5D6A0F910}C:\game\softnyxgame\rakionls\bin\rakion.bin] => (Allow) C:\game\softnyxgame\rakionls\bin\rakion.bin
 
==================== Restore Points =========================
 
09-06-2017 21:37:46 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/09/2017 01:01:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/09/2017 01:01:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/09/2017 01:01:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/09/2017 12:59:46 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CAgentState::ResetBIOS   Reset SASD failed, error=0
 
Error: (06/08/2017 09:34:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/08/2017 09:34:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/08/2017 09:28:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/08/2017 09:27:24 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CAgentState::ResetBIOS   Reset SASD failed, error=0
 
Error: (06/08/2017 07:19:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/08/2017 07:19:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
 
System errors:
=============
Error: (06/10/2017 09:19:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 06:13:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 06:03:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 05:53:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 01:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 12:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio HWDeviceService64.exe no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.
 
Error: (06/09/2017 12:59:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.
 
Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126
 
Error: (06/09/2017 06:09:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (06/08/2017 09:26:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio HWDeviceService64.exe no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.
 
Error: (06/08/2017 09:26:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.
 
Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126
 
 
CodeIntegrity:
===================================
  Date: 2017-05-23 19:27:21.423
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\mbr.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-05-23 19:27:21.347
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\mbr.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 57%
Total physical RAM: 3799.21 MB
Available physical RAM: 1632.21 MB
Total Virtual: 7596.6 MB
Available Virtual: 5045.96 MB
 
==================== Drives ================================
 
Drive c: (Disco local) (Fixed) (Total:465.66 GB) (Free:113 GB) NTFS
Drive d: (Tablet_CD) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
Drive f: (20100624_122047) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A91042F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:58 PM

Posted 10 June 2017 - 11:21 AM

NoMansSky:
 
Good afternoon.  Oh My! (Gary) is unable to continue with your topic because of illness.  I will therefore be taking over this topic for him.

My name is Phil.  May I address you by your first name?
 
I would like to start to start fresh with new logs, since there were quite a few days between the "FRST.txt" log run and the "Addition.txt" log run.
 
Please rename your copy of FRST64.exe to FRST64English.exe.  This will produce English logs.  I apologize, but I do not speak Spanish.
 
Please right click FRST64English.exe and select "Run as Administrator."
 
Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" logs into your next reply, or replies.  Sometimes, because of the size, you have to copy and paste one log into one reply, and the other log into another reply.
 
I should be able to analyze your logs tomorrow, if I get them some time today.
 
Thank you for your understanding.  Have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 NoMansSky

NoMansSky
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 11 June 2017 - 03:26 AM

FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-06-2017
Ran by XTECH (administrator) on XTECH-PC (11-06-2017 04:14:21)
Running from C:\Users\XTECH\Downloads
Loaded Profiles: XTECH (Available Profiles: XTECH)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Farbar) C:\Users\XTECH\Downloads\FRST64English.exe
(Farbar) C:\Users\XTECH\Downloads\FRST64English.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [1269848 2017-02-15] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-19] => http=127.0.0.1:0
ProxyServer: [S-1-5-20] => http=127.0.0.1:0
Tcpip\Parameters: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{18ACBEEB-9DEF-4549-A5E8-971A965A9D89}: [DhcpNameServer] 200.109.78.12 200.44.32.12
Tcpip\..\Interfaces\{9495AE0A-820D-427A-8527-1A343B416B39}: [NameServer] 200.35.65.3 200.35.65.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {8851D12B-0268-48BE-9D62-A6F96086ECED} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\XTECH\AppData\Roaming\Mozilla\Firefox\Profiles\3961i3t3.default [2017-06-11]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3961i3t3.default -> 
FF NetworkProxy: Mozilla\Firefox\Profiles\3961i3t3.default -> type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-23] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1179365018-2919913279-3888768026-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-05]
CHR Extension: (Google Drive) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-05]
CHR Extension: (YouTube) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-05]
CHR Extension: (Ebates Cash Back) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-05-10]
CHR Extension: (Panda Safe Web) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-05-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\XTECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-27] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStac
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-27] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-26] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-05-26] (ESET)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
S3 WinDefend
===================== Drivers (Whitelisted) ======================
਍䤨⁦湡攠瑮祲椠⁳湩汣摵摥椠桴⁥楦汸獩ⱴ椠⁴楷汬戠⁥敲潭敶⁤牦浯琠敨爠来獩牴⹹吠敨映汩⁥楷汬渠瑯戠⁥潭敶⁤湵敬獳氠獩整⁤敳慰慲整祬⤮਍਍㍓ㄠ㤳漴捨㭩䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲ㅜ㤳漴捨⹩祳⁳㉛㤲㠸‸〲〱ㄭⴱ〲⁝䴨捩潲潳瑦䌠牯潰慲楴湯ഩ刊‰䍁䥐※㩃坜湩潤獷卜獹整㍭尲牤癩牥屳䍁䥐献獹嬠㌳㈴㠰㈠㄰ⴰㄱ㈭崰⠠楍牣獯景⁴潃灲牯瑡潩⥮਍㍓䄠灣偩業※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳捡楰浰⹩祳⁳ㅛ㠲〰㈠㄰ⴰㄱ㈭崰⠠楍牣獯景⁴潃灲牯瑡潩⥮਍㍓愠灤㐹硸※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳摡㥰破⹸祳⁳㑛ㄹ㠰‸〲㤰〭ⴷ㌱⁝䄨慤瑰捥‬湉⹣ഩ匊″摡慰捨㭩䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜灤桡楣献獹嬠㌳㔹㘳㈠〰ⴹ㜰ㄭ崳⠠摁灡整Ᵽ䤠据⤮਍㍓愠灤㍵〲※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳摡異㈳⸰祳⁳ㅛ㈸㘸‴〲㤰〭ⴷ㌱⁝䄨慤瑰捥‬湉⹣ഩ刊‱䙁㭄䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜摦献獹嬠㤴ㄶ㠲㈠㄰ⴷ㐰〭崴⠠楍牣獯景⁴潃灲牯瑡潩⥮਍㍓愠灧㐴㬰䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜灧㐴⸰祳⁳㙛〱㠰㈠〰ⴹ㜰ㄭ崳⠠楍牣獯景⁴潃灲牯瑡潩⥮਍㍓愠楬摩㭥䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜楬摩⹥祳⁳ㅛ㐵〴㈠〰ⴹ㜰ㄭ崳⠠捁牥䰠扡牯瑡牯敩⁳湉⹣ഩ匊″浡楤敤※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳浡楤敤献獹嬠㔱㐴‰〲㤰〭ⴷ㌱⁝䴨捩潲潳瑦䌠牯潰慲楴湯ഩ匊″流䭤㬸䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜摭㡫献獹嬠㐶ㄵ′〲㤰〭ⴷ㌱⁝䴨捩潲潳瑦䌠牯潰慲楴湯ഩ匊″浡此摭条※㩃坜湩潤獷卜獹整㍭尲剄噉剅屓瑡歩摭条献獹嬠〱〲㈷㈳㈠㄰ⴱ〱ㄭ崲⠠呁⁉敔档潮潬楧獥䤠据⤮਍㍓愠摭浫慤㭰䌠尺楗摮睯屳祓瑳浥㈳䑜䥒䕖卒慜楴浫慰⹧祳⁳㍛㜱㔹′〲ㄱㄭⴰ㈱⁝䄨癤湡散⁤楍牣敄楶散ⱳ䤠据⤮਍㍓䄠摭偐㭍䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜摭灰⹭祳⁳㙛㤰㠲㈠〰ⴹ㜰ㄭ崳⠠楍牣獯景⁴潃灲牯瑡潩⥮਍㍓愠摭慳慴※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳浡獤瑡⹡祳⁳ㅛ㜰〹‴〲ㄱ〭ⴳㄱ⁝䄨癤湡散⁤楍牣敄楶散⥳਍㍓愠摭扳㭳䌠尺楗摮睯屳祳瑳浥㈳摜楲敶獲慜摭扳⹳祳⁳ㅛ㐹㈱‸〲㤰〭ⴷ㌱⁝䄨䑍吠捥湨汯杯敩⁳湉⹣ഩ刊‰浡硤瑡㭡䌠尺楗摮睯屳祓瑳浥㈳摜楲敶獲慜摭慸慴献獹嬠㜲〰‸〲ㄱ〭ⴳㄱ⁝䄨癤湡散⁤楍牣敄楶散⥳਍㍓䄠灰䑉※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳灡楰⹤祳⁳㙛㐲㐶㈠㄰ⴷ㐰㈭崷⠠楍牣獯景⁴潃灲牯瑡潩⥮਍㍓愠捲※㩃坜湩潤獷獜獹整㍭尲牤癩牥屳牡⹣祳
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-09 05:52 - 2017-06-09 05:52 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Rakion.lnk
2017-06-09 05:52 - 2017-06-09 05:52 - 00002181 _____ C:\Users\XTECH\Desktop\Rakion.lnk
2017-06-09 05:48 - 2017-06-09 05:48 - 00000000 ____D C:\Game
2017-06-08 09:28 - 2017-06-08 22:23 - 00000000 ____D C:\Users\XTECH\AppData\LocalLow\uTorrent
2017-06-08 08:20 - 2017-06-08 08:20 - 00016302 _____ C:\Users\XTECH\Downloads\Rakion_Fullversion_RLS.exe.torrent
2017-06-08 08:17 - 2017-06-08 08:26 - 01584100 _____ (Softnyx Co., Ltd. ) C:\Users\XTECH\Downloads\Sin confirmar 49360.crdownload
2017-05-30 13:47 - 2017-06-10 11:08 - 00000000 ____D C:\Users\XTECH\Downloads\FRST-OlderVersion
2017-05-27 12:27 - 2017-05-27 14:00 - 325047840 _____ ( ) C:\Users\XTECH\Downloads\koplayer-1.4.1055.exe
2017-05-27 10:56 - 2017-05-27 10:55 - 00001636 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-05-27 10:55 - 2017-05-27 10:55 - 00001636 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-05-27 10:51 - 2017-05-27 10:56 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-05-27 10:51 - 2017-05-24 02:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-05-27 00:33 - 2017-05-27 01:14 - 339047640 _____ (BlueStack Systems Inc.) C:\Users\XTECH\Downloads\BlueStacks2_native_2474d1f84fbf2fcea1cb12819f7c1d44.exe
2017-05-26 22:21 - 2017-05-26 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-26 22:21 - 2017-05-26 22:21 - 00000000 ____D C:\ProgramData\ESET
2017-05-24 15:29 - 2017-05-24 16:34 - 101682212 _____ C:\Users\XTECH\Downloads\Sin confirmar 335213.crdownload
2017-05-24 12:33 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-24 12:33 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-24 12:33 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-24 12:33 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-24 12:33 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-24 12:33 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-24 12:33 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-24 12:33 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-24 12:33 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-24 12:33 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-24 12:33 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-24 12:33 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-24 12:33 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-24 12:33 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-24 12:33 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-24 12:33 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-24 12:33 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-24 12:33 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-24 12:33 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-24 12:33 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-24 12:33 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-24 12:33 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-24 12:33 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-24 12:33 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-24 12:33 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-24 12:33 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-24 12:33 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-24 12:33 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-24 12:33 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-24 12:33 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-24 12:33 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-24 12:33 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-24 12:33 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-24 12:33 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-24 12:33 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-24 12:33 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-24 12:33 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-24 12:33 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-24 12:33 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-24 12:33 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-24 12:33 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-24 12:33 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-24 12:33 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-24 12:33 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-24 12:33 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-24 12:33 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-24 12:33 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-24 12:33 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-24 12:33 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-24 12:33 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-24 12:33 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-24 12:33 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-24 12:33 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-24 12:33 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-24 12:33 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-24 12:33 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-24 12:33 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-24 12:33 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-24 12:33 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-24 12:33 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-24 12:33 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-24 12:33 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-24 12:33 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-24 12:33 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-24 12:33 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-24 12:33 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-24 12:33 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-24 12:33 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-24 12:33 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-24 12:33 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-24 12:33 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-24 12:33 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-24 12:33 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-24 12:33 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-24 12:33 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-24 12:33 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-24 12:33 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-24 12:33 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-24 12:33 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-24 12:33 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-24 12:33 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-24 12:33 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-24 12:33 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-24 12:33 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-24 12:33 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-24 12:33 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-24 12:33 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-24 12:33 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-24 12:33 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-24 12:33 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-24 12:33 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-24 12:33 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-24 12:33 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-24 12:33 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-24 12:33 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-24 12:33 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-24 12:33 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-24 12:33 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-24 12:33 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-24 12:33 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-24 12:33 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-24 12:33 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-24 12:33 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-24 12:33 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-24 12:33 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-24 12:33 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-24 12:33 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-24 12:33 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-24 12:33 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-24 12:33 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-24 12:33 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-24 12:33 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-24 12:33 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-24 12:33 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-24 12:33 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-24 12:33 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-24 12:33 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-24 12:33 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-24 12:33 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-24 12:33 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-24 12:33 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-24 12:33 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-24 12:33 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-24 12:33 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-24 12:33 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-24 12:33 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-24 12:33 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-24 12:33 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-24 12:33 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-24 12:33 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-24 12:33 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-24 12:33 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-24 12:33 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-24 12:33 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-24 12:33 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-24 12:33 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-24 12:33 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-24 12:33 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-24 12:33 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-24 12:33 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-24 12:33 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-24 12:33 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-24 12:33 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-24 12:33 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-24 12:33 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-24 12:33 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-24 12:33 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-24 12:33 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-24 12:33 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-24 12:33 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-24 12:33 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-24 12:33 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-24 12:33 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-24 12:33 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-24 12:33 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-24 12:33 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-24 12:33 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-05-24 12:33 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-05-24 12:33 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-24 12:33 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-24 12:33 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-24 12:33 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-05-24 12:33 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-05-24 12:33 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-24 12:33 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-24 12:33 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-24 12:33 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-24 12:33 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-24 12:33 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-05-24 12:33 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-24 12:33 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-24 12:33 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-24 12:33 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-24 12:33 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-05-24 12:33 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-05-24 12:33 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-24 12:33 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-24 12:33 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-24 12:33 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-24 12:33 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-24 12:33 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-24 12:33 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-24 12:33 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-24 12:33 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-24 12:33 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-05-24 12:11 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-24 12:11 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-24 12:11 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-24 12:11 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-24 12:11 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-24 01:34 - 2017-05-24 01:23 - 00047426 _____ C:\Users\XTECH\Desktop\Addition.txt
2017-05-24 01:23 - 2017-06-10 11:11 - 00048669 _____ C:\Users\XTECH\Downloads\Addition.txt
2017-05-24 01:21 - 2017-06-11 04:15 - 00054614 _____ C:\Users\XTECH\Downloads\FRST.txt
2017-05-24 01:19 - 2017-06-11 04:11 - 00000000 ____D C:\FRST
2017-05-24 01:19 - 2017-06-02 00:59 - 00001420 _____ C:\Users\XTECH\Desktop\FRST64English - Acceso directo.lnk
2017-05-24 01:18 - 2017-06-10 11:08 - 02437120 _____ (Farbar) C:\Users\XTECH\Downloads\FRST64English.exe
2017-05-24 00:02 - 2017-05-24 00:18 - 120832640 _____ (ESET) C:\Users\XTECH\Downloads\eis_nt64_esl.exe
2017-05-23 22:53 - 2017-05-23 22:57 - 11646112 _____ (ESET) C:\Users\XTECH\Downloads\avremover_nt64_enu.exe
2017-05-23 21:20 - 2017-05-23 22:37 - 111632512 _____ (ESET) C:\Users\XTECH\Downloads\eav_nt64_esl.exe
2017-05-23 20:50 - 2017-05-29 06:17 - 00284222 _____ C:\Windows\ntbtlog.txt
2017-05-23 19:23 - 2017-05-23 19:24 - 01305367 _____ C:\Users\XTECH\Downloads\Autoruns.zip
2017-05-23 19:16 - 2017-05-28 00:06 - 00000002 _____ C:\Users\XTECH\Desktop\Rkill.txt
2017-05-23 19:15 - 2017-06-02 00:59 - 00000877 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-23 19:15 - 2017-05-23 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-23 19:14 - 2017-05-23 19:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\XTECH\Downloads\iExplore.exe
2017-05-23 18:38 - 2017-06-10 14:53 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 18:38 - 2017-06-06 21:12 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-23 18:38 - 2017-06-02 00:59 - 00001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-23 18:38 - 2017-05-23 18:38 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-23 18:04 - 2017-05-23 18:09 - 09551280 _____ (Piriform Ltd) C:\Users\XTECH\Downloads\ccsetup530.exe
2017-05-23 18:01 - 2017-05-23 18:08 - 63035592 _____ (Malwarebytes ) C:\Users\XTECH\Downloads\mb3-setup-35891.35891-3.1.2.1733.exe
2017-05-23 17:29 - 2017-05-23 17:29 - 00801087 _____ C:\Users\XTECH\Downloads\GmerARK.zip
2017-05-23 15:50 - 2017-05-23 15:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-23 01:58 - 2017-05-23 01:58 - 00004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-22 23:57 - 2017-05-22 23:57 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1495511831
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone 3 Browser.lnk
2017-05-22 23:57 - 2017-05-22 23:57 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 3 Browser.lnk
2017-05-22 21:38 - 2017-05-22 21:38 - 06654960 _____ (AVAST Software) C:\Users\XTECH\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-05-22 09:02 - 2017-05-22 09:02 - 00000000 ____D C:\Program Files\ESET
2017-05-14 15:09 - 2017-05-14 15:09 - 00118748 _____ C:\Users\XTECH\Desktop\HORARIO JOSE ANDRES GUEDEZ 1 SEMESTRE.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-11 03:27 - 2016-11-25 18:43 - 00000000 ____D C:\Users\XTECH\Desktop\Referencias
2017-06-11 03:23 - 2013-07-11 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-10 20:09 - 2017-02-15 05:04 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-06-10 20:09 - 2013-05-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 14:58 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-10 14:58 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-10 14:53 - 2017-05-08 08:32 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-06-10 14:53 - 2013-12-06 00:09 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-06-10 14:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-10 14:52 - 2009-07-13 22:34 - 00000493 _____ C:\Windows\win.ini
2017-06-08 08:21 - 2016-11-21 07:50 - 00000000 ____D C:\Users\XTECH\Desktop\Tutotriales
2017-06-06 16:54 - 2014-09-16 02:45 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-06-06 15:45 - 2014-02-17 15:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-03 18:42 - 2014-05-06 00:18 - 00000000 ____D C:\ProgramData\Tablet
2017-06-03 18:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-06-03 00:58 - 2016-09-03 00:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-31 04:56 - 2014-08-03 02:29 - 00000000 ____D C:\Users\XTECH\Desktop\Modelos
2017-05-28 01:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-27 10:56 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-27 10:49 - 2017-05-08 08:31 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2017-05-26 23:12 - 2017-03-09 21:55 - 00132848 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-05-25 17:13 - 2013-05-09 07:00 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2017-05-24 18:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-24 15:04 - 2011-04-12 05:10 - 00751372 _____ C:\Windows\system32\perfh00A.dat
2017-05-24 15:04 - 2011-04-12 05:10 - 00160414 _____ C:\Windows\system32\perfc00A.dat
2017-05-24 15:04 - 2009-07-14 01:13 - 01687360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-24 14:55 - 2009-07-14 00:45 - 05060952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-24 14:52 - 2014-12-10 04:50 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-24 14:52 - 2014-05-06 14:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-24 14:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-24 14:40 - 2013-12-07 22:41 - 01661010 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-24 14:38 - 2013-08-29 22:17 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 14:37 - 2013-05-27 06:53 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-24 10:45 - 2017-02-17 09:16 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-24 10:45 - 2016-04-08 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-23 19:15 - 2014-03-11 11:10 - 00000000 ____D C:\Program Files\CCleaner
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\Program Files\Autodesk
2017-05-23 18:38 - 2017-02-16 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 18:38 - 2016-04-09 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2017-05-23 18:29 - 2013-05-13 19:24 - 00000000 ____D C:\Program Files\Adobe
2017-05-23 18:29 - 2013-05-13 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-23 18:18 - 2013-02-18 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-23 15:21 - 2017-03-15 15:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-23 15:21 - 2016-07-10 08:11 - 00000000 ____D C:\ProgramData\Skype
2017-05-23 15:21 - 2016-06-05 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 02:05 - 2016-06-05 10:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 02:05 - 2016-06-05 10:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 01:58 - 2013-06-09 03:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-23 01:58 - 2013-06-09 03:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-23 01:58 - 2013-06-09 03:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-22 21:55 - 2017-05-08 08:31 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-05-22 21:20 - 2017-05-08 08:14 - 00000000 ____D C:\ProgramData\Panda Security
2017-05-20 10:55 - 2016-06-07 11:25 - 00000000 ____D C:\ProgramData\Unity
 
==================== Files in the root of some directories =======
 
2013-12-12 22:38 - 2014-01-31 00:09 - 0000000 _____ () C:\Users\XTECH\AppData\Roaming\bitlord_log.txt
2013-06-28 15:11 - 2014-11-08 23:14 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2013-06-28 16:11 - 2017-06-11 01:30 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2014-02-02 12:13 - 2016-04-10 22:09 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato Targa de Adobe CS6
2013-05-09 07:33 - 2013-07-12 08:03 - 0045270 _____ () C:\Users\XTECH\AppData\Roaming\room_v3.dat
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-11-24 01:14 - 2016-11-24 01:14 - 308516124 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload
2016-11-24 01:14 - 2016-11-24 01:14 - 0003455 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload.aamd
2014-12-14 04:16 - 2015-08-08 00:17 - 0001456 _____ () C:\Users\XTECH\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2017-02-07 10:18 - 2017-02-07 10:18 - 0000063 _____ () C:\Users\XTECH\AppData\Local\emaildefaults
2017-02-07 10:28 - 2017-02-07 10:28 - 0000420 _____ () C:\Users\XTECH\AppData\Local\karboncalligraphyrc
2017-02-07 10:17 - 2017-02-07 10:39 - 0015535 _____ () C:\Users\XTECH\AppData\Local\kritarc
2014-01-31 02:36 - 2014-01-31 02:36 - 0000218 _____ () C:\Users\XTECH\AppData\Local\recently-used.xbel
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
2014-03-07 12:28 - 2014-03-07 12:28 - 0004919 _____ () C:\ProgramData\rznaopga.sea
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D6669626572732D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032313A3039202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D6572726F7268616E646C696E672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032313A3039202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D64656C61796C6F61642D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032313A3039202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D64656275672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032313A3039202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D6461746574696D652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032313A3039202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D636F6E736F6C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3336202D203034303030343838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6E746B726E6C70612E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3336202D203033393435313932205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6E746F736B726E6C2E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3334202D203031333134313132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6E74646C6C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203031313134313132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6B65726E656C33322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030363930363838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C616474736368656D612E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030363636313132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C7270637274342E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030363434303936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C61647661706933322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030353533343732205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6B65726265726F732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030333432353238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C63657274636C692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030323735343536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C4B65726E656C426173652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030323631313230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D7376315F302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030323534343634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C736368616E6E656C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030323233323332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6E63727970742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030313732303332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C776469676573742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030313436343332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D736175646974652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030313431333132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C727063687474702E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303936373638205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C73737069636C692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303832393434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6263727970742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303635353336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C5453706B672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303630343136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D736F626A732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303530363838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C61707069646170692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303433303038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C7372636C69656E742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303232303136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C736563757233322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303137343038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C637265647373702E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303036363536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C617069736574736368656D612E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303035313230205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D66696C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303035313230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C776F7733322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303034363038205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D70726F63657373746872656164732D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303034303936205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D737973696E666F2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303034303936205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D73796E63682D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303034303936205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6D6973632D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303034303936205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6C6F63616C72656769737472792D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303034303936205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6C6F63616C697A6174696F6E2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033353834205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D70726F63657373656E7669726F6E6D656E742D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033353834205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6E616D6564706970652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033353834205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6D656D6F72792D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033353834205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6C6962726172796C6F616465722D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033353834205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D696E7465726C6F636B65642D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033353834205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D686561702D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D737472696E672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D72746C737570706F72742D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D70726F66696C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D696F2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D68616E646C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6669626572732D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6572726F7268616E646C696E672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D64656C61796C6F61642D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D64656275672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6461746574696D652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3332202D203030303033303732205F5F5F5F4820284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D636F6E736F6C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3139202D203030313438343830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170706964706F6C696379636F6E7665727465722E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3139202D203030303632343634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C61707069642E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3139202D203030303137393230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C61707069646365727473746F7265636865636B2E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3138202D203030303634303030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6175646974706F6C2E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3135202D203030333338343332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C636F6E686F73742E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3134202D203030323936393630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C7273747275692E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3132202D203030313539373434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6D7278736D622E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3131202D203030323931333238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6D7278736D6231302E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3131202D203030313239353336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6D7278736D6232302E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3131202D203030303530313736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6175646974706F6C2E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3130202D203030313132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C736D73732E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3130202D203030303330373230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6C736173732E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D32372032303A3038202D203030303235363030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C736574757031362E6578650D0A00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3433202D203030303334333034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6965726E6F6E63652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3338202D203030363135393336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C696575692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3337202D203030313434333834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6965556E6174742E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3337202D203030313136323234205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6965657477636F6C6C6563746F722E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3336202D203030383137363634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6A7363726970742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3336202D203030383134303830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6A73637269707439646961672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3335202D203235373431333132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D7368746D6C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3235202D203030393638373034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C4D735370656C6C436865636B696E67466163696C6974792E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3231202D203030343839393834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6478746D7366742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3139202D203032373234383634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D7368746D6C2E746C620D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3138202D203035393737363030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6A736372697074392E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3131202D203030303737383234205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C4A617661536372697074436F6C6C656374696F6E4167656E742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3130202D203030303837353532205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C7464632E6F63780D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3039202D203030313037353230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C696E73656E672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3034202D203030313939363830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D73726174696E672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3033202D203030303932313630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D7368746D6C65642E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3032202D203030303632343634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696573657475702E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3031202D203030343939323030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C76627363726970742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3031202D203030333431353034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C68746D6C2E6965630D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3031202D203030303437363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696565747770726F7879737475622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3030202D203030333135333932205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C64787472616E732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030343A3030202D203030303634303030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C4D7368746D6C4461632E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3537202D203030313532303634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6F6363616368652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3533202D203032323930313736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696572747574696C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3532202D203030303437313034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6A7370726F78792E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3532202D203030303330373230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6965726E6F6E63652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3439202D203230323738323732205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D7368746D6C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3438202D203030343736313630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696575692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3437202D203030363633353532205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6A7363726970742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3437202D203030313135373132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6965556E6174742E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3436202D203030363230303332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6A73637269707439646961672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3433202D203030323632313434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C776562636865636B2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3430202D203030383036393132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D7366656564732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3430202D203030373235353034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C69653475696E69742E6578650D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3337202D203032313332393932205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C696E657463706C2E63706C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3337202D203031333539333630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D7368746D6C6D656469612E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3335202D203030343136323536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6478746D7366742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3330202D203030303630343136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C4A617661536372697074436F6C6C656374696F6E4167656E742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3239202D203030303733323136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C7464632E6F63780D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3238202D203030303931313336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696E73656E672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3235202D203030313638393630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D73726174696E672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3234202D203030303736323838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D7368746D6C65642E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3232202D203030323739303430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C64787472616E732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3230202D203030313330303438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6F6363616368652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3132202D203030323330343030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C776562636865636B2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3130202D203135323530393434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C69656672616D652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3130202D203030363933323438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D7366656564732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3038202D203034353438363038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6A736372697074392E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3038202D203032303537323136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696E657463706C2E63706C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3038202D203031313535303732205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D7368746D6C6D656469612E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030333A3034202D203033323431343732205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77696E696E65742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030323A3533202D203133363631313834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C69656672616D652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030323A3530202D203031353434373034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C75726C6D6F6E2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030323A3430202D203030383030373638205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C69656170666C74722E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030323A3337202D203032373637383732205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C77696E696E65742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030323A3334202D203031333134383136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C75726C6D6F6E2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31362030323A3334202D203030373130313434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C69656170666C74722E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3332202D203031343833373736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C637279707433322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3332202D203030323239333736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77696E74727573742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3332202D203030313930393736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C63727970747376632E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3332202D203030313431383234205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C63727970746E65742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3236202D203030313739323030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C77696E74727573742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3235202D203031313736303634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C637279707433322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3235202D203030313435393230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C63727970747376632E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D31322031313A3235202D203030313036343936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C63727970746E65742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D30372031313A3334202D203030393836383536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6478676B726E6C2E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30372031313A3334202D203030323635343438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6478676D6D73312E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30372031313A3330202D203030343035353034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C67646933322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D30372031313A3330202D203030313434333834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6364642E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D30372031313A3232202D203030333132383332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C67646933322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30342D30352031303A3535202D203030343630383030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C7372762E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30352031303A3535202D203030343035353034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C737276322E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30352031303A3535202D203030313638393630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C7372766E65742E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30342031313A3334202D203031383935363536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C74637069702E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30342031313A3334202D203030333737353736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6E6574696F2E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30342031313A3334202D203030323837393736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C4657504B434C4E542E5359530D0A323031372D30352D32342031323A3333202D20323031372D30342D30342031303A3533202D203030343936313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C6166642E7379730D0A323031372D30352D32342031323A3333202D20323031372D30342D30342031303A3533202D203030313137373630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C7464782E7379730D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3332202D203033313635313834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C7775636C7475782E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3332202D203030313932353132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C7775776562762E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3332202D203030303938383136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77756472697665722E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3330202D203030303931313336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C57696E536574757055492E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3234202D203030313734303830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C7775776562762E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3137202D203032363531313336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77756175656E672E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3135202D203030373039313230205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77756170692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3135202D203030313430323838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77756175636C742E6578650D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3135202D203030303337383838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77757073322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3135202D203030303337383838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77756170702E6578650D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3135202D203030303336383634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C777570732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3135202D203030303132323838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77752E757067726164652E70732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3035202D203030353733343430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C77756170692E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3035202D203030303933363936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C77756472697665722E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3035202D203030303335333238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C77756170702E6578650D0A323031372D30352D32342031323A3333202D20323031372D30332D32322031313A3035202D203030303330323038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C777570732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3335202D203030333832363936205F5F5F5F5F202841646F62652053797374656D7320496E636F72706F72617465642920433A5C57696E646F77735C73797374656D33325C61746D66642E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3332202D203031333839303536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C706C612E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3332202D203030333030353434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C7064682E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3331202D203030313030383634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C666F6E747375622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3331202D203030303436303830205F5F5F5F5F202841646F62652053797374656D732920433A5C57696E646F77735C73797374656D33325C61746D6C69622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3331202D203030303431343732205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6C706B2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3331202D203030303134333336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6463696D616E33322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3237202D203030333038343536205F5F5F5F5F202841646F62652053797374656D7320496E636F72706F72617465642920433A5C57696E646F77735C537973574F5736345C61746D66642E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3230202D203031353038333532205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C706C612E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3230202D203030323337303536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C7064682E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3230202D203030303235363030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6C706B2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3139202D203030303730363536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C666F6E747375622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031323A3139202D203030303130323430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6463696D616E33322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031313A3537202D203030303039323136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C706C617372762E6578650D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031313A3535202D203030323035333132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C666173746661742E7379730D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031313A3535202D203030313935353834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C447269766572735C65786661742E7379730D0A323031372D30352D32342031323A3333202D20323031372D30332D31302031313A3533202D203030303334333034205F5F5F5F5F202841646F62652053797374656D732920433A5C57696E646F77735C537973574F5736345C61746D6C69622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30392031323A3334202D203030303032303438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C747A7265732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30392031323A3139202D203030303032303438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C747A7265732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30372031323A3330202D203030303835353034205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6173796366696C742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30372031323A3137202D203030303637353834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6173796366696C742E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30372031303A3035202D203030323433323030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C7264707564642E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30332032313A3237202D203031353734393132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C71756172747A2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30332032313A3237202D203030303933363936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D666D6A7065676465632E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30332032313A3134202D203031333239363634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C71756172747A2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30332D30332032313A3134202D203030303737333132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D666D6A7065676465632E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D31342031323A3333202D203030373537323438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C77696E333273706C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D31342031323A3139202D203030343937363634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C77696E333273706C2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D31302031323A3332202D203030383033333238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C75737031302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D31302031323A3137202D203030363238373336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C75737031302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D31302031303A3333202D203031323531333238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C4457726974652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3332202D203030373639353336205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C73616D7372762E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3332202D203030313036343936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C73616D6C69622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3332202D203030303430393630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C576373506C7567496E536572766963652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3331202D203030363235363634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D73636D732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3331202D203030323530383830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C69636D33322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3134202D203030343831373932205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D73636D732E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3134202D203030323135303430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C69636D33322E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031323A3134202D203030303630343136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C73616D6C69622E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031313A3531202D203030303332373638205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C576373506C7567496E536572766963652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031303A3036202D203031363438313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C4457726974652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30392031303A3036202D203031313830313630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C466E7443616368652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30322D30362031323A3134202D203030373333363936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C48656C7050616E652E6578650D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030393934373630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C75637274626173652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303633383430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D707269766174652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303230383332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D6D6174682D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303139383038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D6D756C7469627974652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303137373630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D737472696E672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303137373630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D737464696F2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303136323234205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D72756E74696D652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303135373132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D636F6E766572742D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303134313736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D74696D652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303134313736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D6C6F63616C697A6174696F6E2D6C312D322D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303133363634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D66696C6573797374656D2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D70726F636573732D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D686561702D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D636F6E696F2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D7574696C6974792D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D6C6F63616C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D6372742D656E7669726F6E6D656E742D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D73796E63682D6C312D322D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D70726F63657373746872656164732D6C312D312D312E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D7873746174652D6C322D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D74696D657A6F6E652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D66696C652D6C322D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3336202D203030303131363038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170692D6D732D77696E2D636F72652D66696C652D6C312D322D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030393232343332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C75637274626173652E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303636343030205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D707269766174652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303232333638205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D6D6174682D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303139383038205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D6D756C7469627974652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303137373630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D737472696E672D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303137373630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D737464696F2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303136323234205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D72756E74696D652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303135373132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D636F6E766572742D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303134313736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D74696D652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303134313736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D6C6F63616C697A6174696F6E2D6C312D322D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303133363634205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D66696C6573797374656D2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D70726F636573732D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D686561702D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132363430205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D636F6E696F2D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D7574696C6974792D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D6C6F63616C652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D6372742D656E7669726F6E6D656E742D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D73796E63682D6C312D322D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303132313238205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D70726F63657373746872656164732D6C312D312D312E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D7873746174652D6C322D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D74696D657A6F6E652D6C312D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D66696C652D6C322D312D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31382031313A3335202D203030303131363136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6170692D6D732D77696E2D636F72652D66696C652D6C312D322D302E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31332031343A3030202D203030393736383936205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C696E6574636F6D6D2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31332031343A3030202D203030303834343830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C494E45545245532E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31332031333A3435202D203030373431383838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C696E6574636F6D6D2E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31332031333A3435202D203030303834343830205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C494E45545245532E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31312031343A3031202D203031383837373434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D73786D6C332E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31312031343A3031202D203030303032303438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6D73786D6C33722E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31312031333A3433202D203031323431303838205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D73786D6C332E646C6C0D0A323031372D30352D32342031323A3333202D20323031372D30312D31312031333A3433202D203030303032303438205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C537973574F5736345C6D73786D6C33722E646C6C0D0A323031372D30352D32342031323A3333202D20323031362D30332D32332031383A3430202D203033313831353638205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C726470636F726574732E646C6C0D0A323031372D30352D32342031323A3333202D20323031362D30332D32332031383A3430202D203030303136333834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C52647047726F7570506F6C696379457874656E73696F6E2E646C6C0D0A323031372D30352D32342031323A3131202D20323031372D30322D32322031393A3432202D203030303834373132205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C436F6D70617454656C52756E6E65722E6578650D0A323031372D30352D32342031323A3131202D20323031372D30322D32322031393A3337202D203031323835363332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6165696E762E646C6C0D0A323031372D30352D32342031323A3131202D20323031372D30322D31382031303A3035202D203031363039323136205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C6170707261697365722E646C6C0D0A323031372D30352D32342031323A3131202D20323031372D30322D31382031303A3035202D203030363436363536205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C67656E6572616C74656C2E646C6C0D0A323031372D30352D32342031323A3131202D20323031362D31322D33312031313A3336202D203030353536353434205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C646576696E762E646C6C0D0A323031372D30352D32342031323A3131202D20323031362D31322D33312031313A3336202D203030333335333630205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C696E766167656E742E646C6C0D0A323031372D30352D32342031323A3131202D20323031362D31322D33312031313A3336202D203030323933333736205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C63656E74656C2E646C6C0D0A323031372D30352D32342031323A3131202D20323031362D31322D33312031313A3336202D203030323333393834205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C61657069632E646C6C0D0A323031372D30352D32342031323A3131202D20323031362D31322D33312031313A3336202D203030313333363332205F5F5F5F5F20284D6963726F736F667420436F72706F726174696F6E2920433A5C57696E646F77735C73797374656D33325C61636D6967726174696F6E2E646C6C0D0A323031372D30352D32342030313A3334202D20323031372D30352D32342030313A3233202D203030303437343236205F5F5F5F5F20433A5C55736572735C58544543485C4465736B746F705C4164646974696F6E2E7478740D0A323031372D30352D32342030313A3233202D20323031372D30362D31302031313A3131202D203030303438363639205F5F5F5F5F20433A5C55736572735C58544543485C446F776E6C6F6164735C4164646974696F6E2E7478740D0A323031372D30352D32342030313A3231202D20323031372D30362D31312030343A3135202D203030303534363134205F5F5F5F5F20433A5C55736572735C58544543485C446F776E6C6F6164735C465253542E7478740D0A323031372D30352D32342030313A3139202D20323031372D30362D31312030343A3131202D203030303030303030205F5F5F5F4420433A5C465253540D0A323031372D30352D32342030313A3139202D20323031372D30362D30322030303A3539202D203030303031343230205F5F5F5F5F20433A5C55736572735C58544543485C4465736B746F705C465253543634456E676C697368202D2041636365736F206469726563746F2E6C6E6B0D0A323031372D30352D32342030313A3138202D20323031372D30362D31302031313A3038202D203032343337313230205F5F5F5F5F20284661726261722920433A5C55736572735C58544543485C446F776E6C6F6164735C465253543634456E676C6973682E6578650D0A323031372D30352D32342030303A3032202D20323031372D30352D32342030303A3138202D20313230383332363430205F5F5F5F5F2028455345542920433A5C55736572735C58544543485C446F776E6C6F6164735C6569735F6E7436345F65736C2E6578650D0A323031372D30352D32332032323A3533202D20323031372D30352D32332032323A3537202D203131363436313132205F5F5F5F5F2028455345542920433A5C55736572735C58544543485C446F776E6C6F6164735C617672656D6F7665725F6E7436345F656E752E6578650D0A323031372D30352D32332032313A3230202D20323031372D30352D32332032323A3337202D20313131363332353132205F5F5F5F5F2028455345542920433A5C55736572735C58544543485C446F776E6C6F6164735C6561765F6E7436345F65736C2E6578650D0A323031372D30352D32332032303A3530202D20323031372D30352D32392030363A3137202D203030323834323232205F5F5F5F5F20433A5C57696E646F77735C6E7462746C6F672E7478740D0A323031372D30352D32332031393A3533202D20323031372D30362D31302031353A3031202D203031303733323032205F5F5F5F5F20433A5C57696E646F77735C57696E646F77735570646174652E6C6F670D0A323031372D30352D32332031393A3438202D20323031372D30362D31302031343A3533202D203030303139323135205F5F5F5F5F20433A5C57696E646F77735C73657475706163742E6C6F670D0A323031372D30352D32332031393A3438202D20323031372D30352D32342031303A3435202D203030353637343334205F5F5F5F5F20433A5C57696E646F77735C5046524F2E6C6F670D0A323031372D30352D32332031393A3438202D20323031372D30352D32332031393A3438202D203030303030303030205F5F5F5F5F20433A5C57696E646F77735C73657475706572722E6C6F670D0A323031372D30352D32332031393A3233202D20323031372D30352D32332031393A3234202D203031333035333637205F5F5F5F5F20433A5C55736572735C58544543485C446F776E6C6F6164735C4175746F72756E732E7A69700D0A323031372D30352D32332031393A3136202D20323031372D30352D32382030303A3036202D203030303030303032205F5F5F5F5F20433A5C55736572735C58544543485C4465736B746F705C526B696C6C2E7478740D0A323031372D30352D32332031393A3135202D20323031372D30362D30322030303A3539202D203030303030383737205F5F5F5F5F20433A5C55736572735C5075626C69635C4465736B746F705C43436C65616E65722E6C6E6B0D0A323031372D30352D32332031393A3135202D20323031372D30352D32332031393A3135202D203030303030303030205F5F5F5F4420433A5C50726F6772616D446174615C4D6963726F736F66745C57696E646F77735C5374617274204D656E755C50726F6772616D735C43436C65616E65720D0A323031372D30352D32332031393A3134202D20323031372D30352D32332031393A3135202D203032303330353336205F5F5F5F5F2028426C656570696E6720436F6D70757465722C204C4C432920433A5C55736572735C58544543485C446F776E6C6F6164735C694578706C6F72652E6578650D0A323031372D30352D32332031383A3338202D20323031372D30362D31302031343A3533202D203030323532383332205F5F5F5F5F20284D616C7761726562797465732920433A5C57696E646F77735C73797374656D33325C447269766572735C4D42414D537769737341726D792E7379730D0A323031372D30352D32332031383A3338202D20323031372D30362D30362032313A3132202D203030303737333736205F5F5F5F5F20433A5C57696E646F77735C73797374656D33325C447269766572735C6D62616536342E7379730D0A323031372D30352D32332031383A3338202D20323031372D30362D30322030303A3539202D203030303031393232205F5F5F5F5F20433A5C55736572735C5075626C69635C4465736B746F705C4D616C7761726562797465732E6C6E6B0D0A323031372D30352D32332031383A3338202D20323031372D30352D32332031383A3338202D203030303030303030205F5F5F5F4420433A5C50726F6772616D446174615C4D6963726F736F66745C57696E646F77735C5374617274204D656E755C50726F6772616D735C4D616C7761726562797465730D0A323031372D30352D32332031383A3338202D20323031372D30352D32332031383A3338202D203030303030303030205F5F5F5F4420433A5C50726F6772616D2046696C65735C4D616C7761726562797465730D0A323031372D30352D32332031383A3034202D20323031372D30352D32332031383A3039202D203039353531323830205F5F5F5F5F202850697269666F726D204C74642920433A5C55736572735C58544543485C446F776E6C6F6164735C636373657475703533302E6578650D0A323031372D30352D32332031383A3031202D20323031372D30352D32332031383A3038202D203633303335353932205F5F5F5F5F20284D616C776172656279746573202920433A5C55736572735C58544543485C446F776E6C6F6164735C6D62332D73657475702D33353839312E33353839312D332E312E322E313733332E6578650D0A323031372D30352D32332031373A3239202D20323031372D30352D32332031373A3239202D203030383031303837205F5F5F5F5F20433A5C55736572735C58544543485C446F776E6C6F6164735C476D657241524B2E7A69700D0A323031372D30352D32332031353A3530202D20323031372D30352D32332031353A3530202D203030303030303030205F5F5F5F4420433A5C50726F6772616D446174615C5357435554656D700D0A323031372D30352D32332031343A3433202D20323031372D30362D31302031353A3131202D203030353234323838205F5F5F534820433A5C57696E646F77735C73797374656D33325C636F6E6669675C636F6D706F6E656E74737B65633338353438322D336665362D313165372D616631622D6263356666343333336633647D2E544D436F6E7461696E657230303030303030303030303030303030303030312E7265677472616E732D6D730D0A323031372D30352D32332031343A3433202D20323031372D30362D31302031353A3131202D203030353234323838205F5F5F534820433A5C57696E646F77735C73797374656D33325C636F6E6669675C636F6D706F6E656E74737B65633338353438322D336665362D313165372D616631622D6263356666343333336633647D2E544D436F6E7461696E657230303030303030303030303030303030303030312E7265677472616E732D6D730D0A323031372D30352D32332031343A3433202D20323031372D30362D31302031353A3131202D203030303635353336205F5F5F534820433A5C57696E646F77735C73797374656D33325C636F6E6669675C636F6D706F6E656E74737B65633338353438322D336665362D313165372D616631622D6263356666343333336633647D2E544D2E626C660D0A323031372D30352D32332031343A3433202D20323031372D30362D31302031353A3131202D203030303635353336205F5F5F534820433A5C57696E646F77735C73797374656D33325C636F6E6669675C636F6D706F6E656E74737B65633338353438322D336665362D313165372D616631622D6263356666343333336633647D2E544D2E626C660D0A323031372D30352D32332031343A3433202D20323031372D30352D32332031343A3534202D203030353234323838205F5F5F534820433A5C57696E646F77735C73797374656D33325C636F6E6669675C636F6D706F6E656E74737B65633338353438322D336665362D313165372D616631622D6263356666343333336633647D2E544D436F6E7461696E657230303030303030303030303030303030303030322E7265677472616E732D6D730D0A323031372D30352D32332031343A3433202D20323031372D30352D32332031343A3534202D203030353234323838205F5F5F534820433A5C57696E646F77735C73797374656D33325C636F6E6669675C636F6D706F6E656E74737B65633338353438322D336665362D313165372D616631622D6263356666343333336633647D2E544D436F6E7461696E657230303030303030303030303030303030303030322E7265677472616E732D6D730D0A323031372D30352D32332030313A3538202D20323031372D30352D32332030313A3538202D203030303034333332205F5F5F5F5F20433A5C57696E646F77735C53797374656D33325C5461736B735C41646F626520466C61736820506C6179657220557064617465720D0A323031372D30352D32322032333A3537202D20323031372D30352D32322032333A3537202D203030303033393030205F5F5F5F5F20433A5C57696E646F77735C53797374656D33325C5461736B735C536166655A6F6E65207363686564756C6564204175746F75706461746520313439353531313833310D0A323031372D30352D32322032333A3537202D20323031372D30352D32322032333A3537202D203030303031303534205F5F5F5F5F20433A5C55736572735C5075626C69635C4465736B746F705C417661737420536166655A6F6E6520332042726F777365722E6C6E6B0D0A323031372D30352D32322032333A3537202D20323031372D30352D32322032333A3537202D203030303031303534205F5F5F5F5F20433A5C50726F6772616D446174615C4D6963726F736F66745C57696E646F77735C5374617274204D656E755C50726F6772616D735C417661737420536166655A6F6E6520332042726F777365722E6C6E6B0D0A323031372D30352D32322032313A3338202D20323031372D30352D32322032313A3338202D203036363534393630205F5F5F5F5F2028415641535420536F6674776172652920433A5C55736572735C58544543485C446F776E6C6F6164735C61766173745F667265655F616E746976697275735F73657475705F6F6E6C696E655F636E6574322E6578650D0A323031372D30352D32322030393A3032202D20323031372D30352D32322030393A3032202D203030303030303030205F5F5F5F4420433A5C50726F6772616D2046696C65735C455345540D0A323031372D30352D31342031353A3039202D20323031372D30352D31342031353A3039202D203030313138373438205F5F5F5F5F20433A5C55736572735C58544543485C4465736B746F705C484F524152494F204A4F534520414E445245532047554544455A20312053454D45535452452E7064660D0A
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-11 03:27 - 2016-11-25 18:43 - 00000000 ____D C:\Users\XTECH\Desktop\Referencias
2017-06-11 03:23 - 2013-07-11 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-10 20:09 - 2017-02-15 05:04 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-06-10 20:09 - 2013-05-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 14:58 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-10 14:58 - 2009-07-14 00:45 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-10 14:53 - 2017-05-08 08:32 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-06-10 14:53 - 2013-12-06 00:09 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-06-10 14:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-10 14:52 - 2009-07-13 22:34 - 00000493 _____ C:\Windows\win.ini
2017-06-08 08:21 - 2016-11-21 07:50 - 00000000 ____D C:\Users\XTECH\Desktop\Tutotriales
2017-06-06 16:54 - 2014-09-16 02:45 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-06-06 15:45 - 2014-02-17 15:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-03 18:42 - 2014-05-06 00:18 - 00000000 ____D C:\ProgramData\Tablet
2017-06-03 18:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-06-03 00:58 - 2016-09-03 00:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-31 04:56 - 2014-08-03 02:29 - 00000000 ____D C:\Users\XTECH\Desktop\Modelos
2017-05-28 01:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-27 10:56 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-27 10:49 - 2017-05-08 08:31 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2017-05-26 23:12 - 2017-03-09 21:55 - 00132848 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-05-25 17:13 - 2013-05-09 07:00 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2017-05-24 18:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-24 15:04 - 2011-04-12 05:10 - 00751372 _____ C:\Windows\system32\perfh00A.dat
2017-05-24 15:04 - 2011-04-12 05:10 - 00160414 _____ C:\Windows\system32\perfc00A.dat
2017-05-24 15:04 - 2009-07-14 01:13 - 01687360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-24 14:55 - 2009-07-14 00:45 - 05060952 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-24 14:52 - 2014-12-10 04:50 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-24 14:52 - 2014-05-06 14:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-24 14:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-24 14:40 - 2013-12-07 22:41 - 01661010 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-24 14:38 - 2013-08-29 22:17 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 14:37 - 2013-05-27 06:53 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-24 10:45 - 2017-02-17 09:16 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-24 10:45 - 2016-04-08 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-23 19:15 - 2014-03-11 11:10 - 00000000 ____D C:\Program Files\CCleaner
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-05-23 18:39 - 2013-12-07 20:55 - 00000000 ____D C:\Program Files\Autodesk
2017-05-23 18:38 - 2017-02-16 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 18:38 - 2016-04-09 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2017-05-23 18:29 - 2013-05-13 19:24 - 00000000 ____D C:\Program Files\Adobe
2017-05-23 18:29 - 2013-05-13 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-23 18:18 - 2013-02-18 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-23 15:21 - 2017-03-15 15:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-23 15:21 - 2016-07-10 08:11 - 00000000 ____D C:\ProgramData\Skype
2017-05-23 15:21 - 2016-06-05 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 02:05 - 2016-06-05 10:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-23 02:05 - 2016-06-05 10:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 01:58 - 2013-06-09 03:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-23 01:58 - 2013-06-09 03:10 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-23 01:58 - 2013-06-09 03:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-22 21:55 - 2017-05-08 08:31 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-05-22 21:20 - 2017-05-08 08:14 - 00000000 ____D C:\ProgramData\Panda Security
2017-05-20 10:55 - 2016-06-07 11:25 - 00000000 ____D C:\ProgramData\Unity
 
==================== Files in the root of some directories =======
 
2013-12-12 22:38 - 2014-01-31 00:09 - 0000000 _____ () C:\Users\XTECH\AppData\Roaming\bitlord_log.txt
2013-06-28 15:11 - 2014-11-08 23:14 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2013-06-28 16:11 - 2017-06-11 01:30 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2014-02-02 12:13 - 2016-04-10 22:09 - 0000132 _____ () C:\Users\XTECH\AppData\Roaming\Prefs. de formato Targa de Adobe CS6
2013-05-09 07:33 - 2013-07-12 08:03 - 0045270 _____ () C:\Users\XTECH\AppData\Roaming\room_v3.dat
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-11-24 01:14 - 2016-11-24 01:14 - 308516124 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload
2016-11-24 01:14 - 2016-11-24 01:14 - 0003455 _____ () C:\Users\XTECH\AppData\Local\ACCCx3_9_1_335.zip.aamdownload.aamd
2014-12-14 04:16 - 2015-08-08 00:17 - 0001456 _____ () C:\Users\XTECH\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2017-02-07 10:18 - 2017-02-07 10:18 - 0000063 _____ () C:\Users\XTECH\AppData\Local\emaildefaults
2017-02-07 10:28 - 2017-02-07 10:28 - 0000420 _____ () C:\Users\XTECH\AppData\Local\karboncalligraphyrc
2017-02-07 10:17 - 2017-02-07 10:39 - 0015535 _____ () C:\Users\XTECH\AppData\Local\kritarc
2014-01-31 02:36 - 2014-01-31 02:36 - 0000218 _____ () C:\Users\XTECH\AppData\Local\recently-used.xbel
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
2014-03-07 12:28 - 2014-03-07 12:28 - 0004919 _____ () C:\ProgramData\rznaopga.sea
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-06-02 11:26
 
==================== End of FRST.txt ============================
LastRegBack: 2017-06-02 11:26
 
==================== End of FRST.txt ============================


#11 NoMansSky

NoMansSky
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 11 June 2017 - 03:30 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2017
Ran by XTECH (11-06-2017 04:15:46)
Running from C:\Users\XTECH\Downloads
Windows 7 Home Basic Service Pack 1 (X64) (2013-02-19 02:43:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1179365018-2919913279-3888768026-500 - Administrator - Disabled)
Invitado (S-1-5-21-1179365018-2919913279-3888768026-501 - Limited - Disabled)
XTECH (S-1-5-21-1179365018-2919913279-3888768026-1000 - Administrator - Enabled) => C:\Users\XTECH
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {006A04DE-FA90-4CE7-AC98-3A33F5FEF4B4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {08C82C50-CCD1-4828-9532-6F153C553A3C} - \SafeZone scheduled Autoupdate 1487339738 -> No File <==== ATTENTION
Task: {2264AEB7-89B9-46E5-BCAF-A263BDFB13E9} - System32\Tasks\SafeZone scheduled Autoupdate 1495511831 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3C24544B-CFF5-4B8F-95B8-123028C8C29D} - \{477B883D-6B6A-4313-AFF9-0CDDFEA4755D} -> No File <==== ATTENTION
Task: {575B5CEE-802C-428A-B68D-E1C0BD3E33F5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {67607B88-A673-44C8-86F8-09E828BC9B0B} - \SafeZone scheduled Autoupdate 1483851649 -> No File <==== ATTENTION
Task: {69F2C2E3-67E9-4017-80C5-53AF4C57219D} - \{923203DE-C1CB-4A21-8372-3797BF8501D7} -> No File <==== ATTENTION
Task: {74099D49-1665-4BC7-93EC-B08786E2300D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8DCA6C17-79AB-4F04-A427-ACF4CFFC3EB9} - \{24EF0A60-8584-4444-88AA-99721E0A20DD} -> No File <==== ATTENTION
Task: {94DA3493-8029-494F-83B3-4370BBF85374} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {9BA9B2A1-1C6E-4A65-BC4B-79B07611145C} - \{AA144057-932B-454A-876B-32124E725539} -> No File <==== ATTENTION
Task: {A39CC9B0-2C0F-4529-AC0F-F6A742281E82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-23] (Adobe Systems Incorporated)
Task: {A44BC645-1275-474C-805E-3A2B86E107D0} - \{26020CD9-86B3-486E-AE55-5CC6E832F430} -> No File <==== ATTENTION
Task: {A93424AA-8E20-4791-9F8B-2770DEFAF3B4} - \AVG EUpdate Task -> No File <==== ATTENTION
Task: {AB009214-35CF-4B30-990E-9A024EB41164} - \{0A7CC92E-6616-4E39-9397-7915DB92F997} -> No File <==== ATTENTION
Task: {B4787CA1-8868-42C9-A2F3-E7509060820F} - \{1713EFA4-3D28-4049-89FA-A924470D4A51} -> No File <==== ATTENTION
Task: {BC4AC670-7E4E-4CCA-B449-84BC4FFC40C7} - \{60694184-C1CB-426D-BFAA-F300F21D1483} -> No File <==== ATTENTION
Task: {C5771145-4C68-4DED-85D3-6442C0DB4BAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C86B011A-D6CD-4B90-BD35-1D72DB737963} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CD91EF15-ADB1-49A8-B44A-09FC4A8019C3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {DCB615E9-004C-4161-AEC2-7E8AE802E9F0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FA6FAEA2-CE54-4DA2-92C8-4402EF16CAAB} - \{04CA712C-9414-4FBD-BCE2-0DD7519B6679} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\XTECH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\XTECH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-04 09:14 - 2013-12-04 09:14 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 09:14 - 2013-12-04 09:14 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 09:14 - 2013-12-04 09:14 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-05-06 00:18 - 2012-09-20 18:59 - 00581120 _____ () C:\Windows\system32\atwtusb.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-11-27 13:55 - 2016-11-27 13:55 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-08-23 15:28 - 2013-12-04 12:35 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-05-11 21:01 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 21:01 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-24 17:10 - 2017-05-24 17:10 - 00169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e02990982d5c841556f4bc4041a38de0\IsdiInterop.ni.dll
2013-02-18 11:15 - 2010-11-06 00:20 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-18 11:16 - 2012-02-07 18:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-01 08:50 - 2017-05-16 21:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-08 07:09 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-08 07:09 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-08 07:09 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-17 03:21 - 2017-06-08 01:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-01 01:33 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 18:26 - 2017-06-08 01:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-08 07:09 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 19:06 - 2017-05-08 15:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 21:36 - 2017-05-16 21:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2013-07-03 15:53 - 2017-06-08 01:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-08 07:09 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [137]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48651689.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49774825.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48651689.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49774825.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-02-15 05:39 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XTECH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.109.78.12 - 200.44.32.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: mi-raysat_3dsmax2012_64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ISCTSystray.lnk => C:\Windows\pss\ISCTSystray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^XTECH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^StartUp^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Escritorio Movistar Latam => "C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\EMMSN.exe" -dock
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{951BA2F2-F1C4-4182-AE2B-453322B47F69}C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe] => (Block) C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe
FirewallRules: [UDP Query User{83A0AED5-0F6B-46C6-B842-B703E9B295A8}C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe] => (Block) C:\program files (x86)\starcraft 2\versions\base15405\sc2.exe
FirewallRules: [{9842CFD9-9C1E-4B4C-927E-31B30E37E649}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F203B38F-62F9-40C8-9B8F-43833B2C39C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08D2E8C1-4133-48EE-BE58-7AC4B59467CC}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{77EDCCF9-DE94-4DF0-9F84-CBE0E6BCFEFF}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{82E3B920-DB24-4C8B-AF29-8D9EBB635167}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{50E581BF-0242-4623-9278-760F4D039D2E}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{366C2635-977E-4939-905B-47DED95197B0}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{6E8F8F7B-6A02-4AE9-8614-2C2E5F79D7E5}] => (Allow) C:\Program Files (x86)\InfiniteCrisis\TurbineLauncher.exe
FirewallRules: [{168D8656-59CF-4517-BB12-30C0978A2D76}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{BE93CFDE-DD1A-473E-A7C3-3ABB62F63219}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{5787759F-078D-49BB-B8AF-C88F3EE0FBEF}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{D7209B2D-5701-4E06-AD61-547CE782281F}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{4F5A446A-72E9-4489-AA7E-A77CFFAE6964}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{953FE861-4543-4C1B-ABBE-4597ACF4E5DC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F29E3FBD-ED23-4D47-8C07-B2F0903B5ED4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{EAD0A332-841C-49EC-AD7A-22B5A6B2BFFB}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0E0FA939-AFEB-4801-93C4-F914AE501165}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{7804DC01-EF5C-4127-BF4B-98498B2879E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider (VI) The Angel of Darkness\Launcher.exe
FirewallRules: [{4399625C-77DB-4016-8EF1-5A76CCD69D29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F6A4F51D-3B4D-42A0-ABAC-685EC1E619BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{FDF3AD4A-5DC3-46D1-8D10-3C0712353AB9}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{90DF1198-3B72-4C39-873D-E2A9CB20557C}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{121CE8B8-1BD9-4448-9647-46C6AF788E8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8434B688-C95A-4B28-B2D7-8C63869510B6}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{E8A261A9-9BCF-4AF6-967B-5DB3981BB16B}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{B53597E3-ABA0-4BD8-AB01-0F1C49FA93FC}C:\program files\3d-coat-v4\3d-coatgl64s.exe] => (Block) C:\program files\3d-coat-v4\3d-coatgl64s.exe
FirewallRules: [UDP Query User{576B7E90-6DED-404C-9361-6CB9EDA728ED}C:\program files\3d-coat-v4\3d-coatgl64s.exe] => (Block) C:\program files\3d-coat-v4\3d-coatgl64s.exe
FirewallRules: [TCP Query User{21936D85-4369-4E63-8F70-4A186089C00A}C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{C53ED401-4DC2-478E-8365-36AE0F521912}C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{14F7E231-20FD-42EA-8575-D85E28296093}] => (Allow) C:\Users\XTECH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7045FEF7-77A2-4A10-A6E5-8439AB3F5A3C}] => (Allow) C:\Users\XTECH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F3AC654-AB36-47D7-ADAD-406600C11F83}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{2D0CBA67-3CDE-4DA2-AF14-0E74B270BD5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{CE78BA20-8D5D-40A7-AA68-1A10101DC181}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1AABBFE3-706F-4F8B-9173-E78057D47A0B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{86D56170-6C4B-4B8C-B466-F9DD03FC6F56}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{F225F558-03A3-418E-943C-B6D24A3040CA}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{1CAB033E-CAE2-4CA0-9F47-6E82E45BFAEC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{54F83681-28CB-4A39-A9EA-96D53335EBD4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{343435F1-FB59-4DA8-828E-A7FA1AF42F7A}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{8C58763B-C7CB-45D6-8041-5BD2A182E9FB}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{5A42126B-FA84-4589-BAF2-C57556634DCF}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{BFD11CBA-121B-49C6-AD82-577153A9868A}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{6B606717-AA05-430F-ACBE-C7E1DB169541}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{95AE0BB2-E12D-4019-B350-A671EC74D9B2}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{2437BC5A-40B1-4E47-812B-F3E4402BD044}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6F3B0684-E3F9-4E6D-87D1-2C52B27DA501}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{CA0DC17D-5B9B-4127-8B2E-EC2A9420B52E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{7F36C63E-B92E-4E41-AE86-02B34AA99995}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{3D7B90D0-4E04-439C-8530-20F0674D579A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{14A64C43-5700-4B2A-909C-A48DEFE27FCD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{7849225C-5EE3-4DC9-A8A5-E0EA44EE3C5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Faeria\Faeria.exe
FirewallRules: [{3EE3B4D5-B7E3-4CCD-8E1E-50141FE51C70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Faeria\Faeria.exe
FirewallRules: [{80EFCD01-AB26-425B-B863-0EE90C75110E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{968890E0-8627-4944-B28F-FFEFD8811ABB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{C296C0FE-29E3-4097-9865-6AE867BDBC16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{12251A6B-80EE-457C-9078-C17493069712}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{9A6940D9-017C-444C-80E0-69AD8FD6683D}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{704B8C33-5037-44D2-B344-D94701BDE632}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{D62EE8EA-08FC-4A4A-8F55-F71069E3A7E9}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{53CB5AD9-23BF-49AA-A37A-4C637A7C3C69}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{367CB140-83D5-476A-979C-FEFB5CA09038}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FCB60909-0C55-4449-96D8-75E615170B5A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{5DDE800C-D3A4-4079-AA5E-3556F1CC9966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A1405CE8-4311-46E2-801F-120F5C5F8949}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C208E5F-9F3B-4006-9D22-162D5ED07710}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E7D97C2F-0CCC-491E-BEC7-2D9EEB57DC7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{6C2ECA15-2963-4CC2-AE32-DFC9CCC896B7}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{08041888-AC38-4A0B-B824-22934FFB5C37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{084BE94E-6AE8-4709-A1CA-5C823C531FDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{9F40F234-696F-473E-B7FC-71DCAA2DBB51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{83D92099-28B2-411C-9A3D-D6DD73F349C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{978AE027-7957-41A0-8891-F3A14E14D855}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{1BD1532C-D460-4ECB-B8E2-73DC6F86910A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CD00826-8DA7-43AF-BDD7-1947AD4E508D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D58DB74E-5C52-48F8-9596-A25D523B15A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules:
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2017 01:09:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Photoshop.exe, versión: 13.0.0.0, marca de tiempo: 0x4f61beba
Nombre del módulo con errores: WinTab32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x529f56ff
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x7254bf50
Id. del proceso con errores: 0x1ad0
Hora de inicio de la aplicación con errores: 0x01d2e270b5550890
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
Ruta de acceso del módulo con errores: WinTab32.dll
Id. del informe: 13f04b8b-4e64-11e7-851b-bc5ff4333f3d
 
Error: (06/10/2017 02:54:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/10/2017 02:52:56 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CAgentState::ResetBIOS   Reset SASD failed, error=0
 
Error: (06/10/2017 02:52:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/10/2017 02:52:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/09/2017 01:01:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/09/2017 01:01:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
Error: (06/09/2017 01:01:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/09/2017 12:59:46 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CAgentState::ResetBIOS   Reset SASD failed, error=0
 
Error: (06/08/2017 09:34:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows no puede cargar el archivo de Registro de clases.
 DETALLE: El sistema no puede encontrar el archivo especificado.
 
 
System errors:
=============
Error: (06/11/2017 01:10:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/10/2017 09:09:22 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.
 
Error: (06/10/2017 05:32:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/10/2017 03:35:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/10/2017 02:52:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio HWDeviceService64.exe no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.
 
Error: (06/10/2017 02:52:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.
 
Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126
 
Error: (06/10/2017 09:19:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 06:13:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 06:03:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 05:53:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-23 19:27:21.423
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\mbr.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-05-23 19:27:21.347
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\mbr.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
o al siguiente error: 
El sistema no puede encontrar el archivo especificado.
 
Error: (06/10/2017 02:52:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.
 
Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126
 
Error: (06/10/2017 09:19:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 06:13:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 06:03:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
Error: (06/09/2017 05:53:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio xspirit no pudo iniciarse debido al siguiente error: 
No se encontró el proceso especificado.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3799.21 MB
Available physical RAM: 2241.86 MB
Total Virtual: 7596.6 MB
Available Virtual: 5305.71 MB
 
==================== Drives ================================
 
Drive c: (Disco local) (Fixed) (Total:465.66 GB) (Free:130.43 GB) NTFS
Drive d: (Tablet_CD) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
Drive f: (20100624_122047) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A91042F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3799.21 MB
Available physical RAM: 2246.2 MB
Total Virtual: 7596.6 MB
Available Virtual: 5313.54 MB
 
==================== Drives ================================
 
Drive c: (Disco local) (Fixed) (Total:465.66 GB) (Free:130.43 GB) NTFS
Drive d: (Tablet_CD) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
Drive f: (20100624_122047) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A91042F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:58 PM

Posted 11 June 2017 - 04:39 AM

NoMansSky:

 

Thank you for your FRST logs.  They are still in Spanish.  Did you rename "FRST64.exe" to FRST64English.exe, as I requested?

 

There are some anomalies in your FRST logs.  I will take a pass through them today and get back to you, probably this afternoon.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:58 PM

Posted 11 June 2017 - 06:13 AM

NoMansSky:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.


:step2: Something might be interfering with FRST.
 
Please download Rkill by Grinler from one of the 3 links below (if one of them does not work, try another...) and save it to your desktop:

  • rkill.scr
  • rkill.com
  • rkill.exe
  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator.)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (the file is also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

.


:step3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
U1 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
File: C:\ProgramData\rznaopga.sea
Task: {08C82C50-CCD1-4828-9532-6F153C553A3C} - \SafeZone scheduled Autoupdate 1487339738 -> No File <==== ATTENTION
Task: {3C24544B-CFF5-4B8F-95B8-123028C8C29D} - \{477B883D-6B6A-4313-AFF9-0CDDFEA4755D} -> No File <==== ATTENTION
Task: {67607B88-A673-44C8-86F8-09E828BC9B0B} - \SafeZone scheduled Autoupdate 1483851649 -> No File <==== ATTENTION
Task: {69F2C2E3-67E9-4017-80C5-53AF4C57219D} - \{923203DE-C1CB-4A21-8372-3797BF8501D7} -> No File <==== ATTENTION
Task: {8DCA6C17-79AB-4F04-A427-ACF4CFFC3EB9} - \{24EF0A60-8584-4444-88AA-99721E0A20DD} -> No File <==== ATTENTION
Task: {94DA3493-8029-494F-83B3-4370BBF85374} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {9BA9B2A1-1C6E-4A65-BC4B-79B07611145C} - \{AA144057-932B-454A-876B-32124E725539} -> No File <==== ATTENTION
Task: {A44BC645-1275-474C-805E-3A2B86E107D0} - \{26020CD9-86B3-486E-AE55-5CC6E832F430} -> No File <==== ATTENTION
Task: {A93424AA-8E20-4791-9F8B-2770DEFAF3B4} - \AVG EUpdate Task -> No File <==== ATTENTION
Task: {AB009214-35CF-4B30-990E-9A024EB41164} - \{0A7CC92E-6616-4E39-9397-7915DB92F997} -> No File <==== ATTENTION
Task: {B4787CA1-8868-42C9-A2F3-E7509060820F} - \{1713EFA4-3D28-4049-89FA-A924470D4A51} -> No File <==== ATTENTION
Task: {BC4AC670-7E4E-4CCA-B449-84BC4FFC40C7} - \{60694184-C1CB-426D-BFAA-F300F21D1483} -> No File <==== ATTENTION
Task: {C86B011A-D6CD-4B90-BD35-1D72DB737963} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {DCB615E9-004C-4161-AEC2-7E8AE802E9F0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FA6FAEA2-CE54-4DA2-92C8-4402EF16CAAB} - \{04CA712C-9414-4FBD-BCE2-0DD7519B6679} -> No File <==== ATTENTION
File: C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\EMMSN.exe
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.


:step4: If your computer reboots, please run RKill again. Please copy and paste the contents of the second RKill log into a reply.

Then please run another set of fresh FRST logs by right-clicking FRST64English.exe and selecting "Run as Administrator."

Please copy and paste the resulting FRST logs into your next reply, or replies.

.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:58 PM

Posted 14 June 2017 - 04:25 AM

NoMansSky:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#15 NoMansSky

NoMansSky
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 14 June 2017 - 04:51 AM

Yes i do, sorry , here i am.

 

i mean, by now ,because i have to go xd , but here are the logs , i ran the fix and no matter what i do rkill does not work, it says there's missing a enviroment variable: appdata.Rkill terminated.


Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by XTECH (14-06-2017 04:17:50) Run:1
Running from C:\Users\XTECH\Downloads
Loaded Profiles: XTECH (Available Profiles: XTECH)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1179365018-2919913279-3888768026-1000 -> {B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
U1 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
2016-11-20 00:50 - 2016-11-20 00:50 - 0000046 _____ () C:\Users\XTECH\AppData\Roaming\WB.CFG
2016-06-29 07:42 - 2016-06-29 07:42 - 0000148 _____ () C:\Users\XTECH\AppData\Local\DisableService.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0052704 _____ () C:\Users\XTECH\AppData\Local\regall.reg
2016-06-29 07:42 - 2016-06-29 07:42 - 0001012 _____ () C:\Users\XTECH\AppData\Local\service.inf
2016-06-29 07:42 - 2016-06-29 07:42 - 0033019 _____ () C:\Users\XTECH\AppData\Local\slerror.xml
2016-06-29 07:42 - 2016-06-29 07:42 - 2945485 _____ () C:\Users\XTECH\AppData\Local\tokensall.dat
File: C:\ProgramData\rznaopga.sea
Task: {08C82C50-CCD1-4828-9532-6F153C553A3C} - \SafeZone scheduled Autoupdate 1487339738 -> No File <==== ATTENTION
Task: {3C24544B-CFF5-4B8F-95B8-123028C8C29D} - \{477B883D-6B6A-4313-AFF9-0CDDFEA4755D} -> No File <==== ATTENTION
Task: {67607B88-A673-44C8-86F8-09E828BC9B0B} - \SafeZone scheduled Autoupdate 1483851649 -> No File <==== ATTENTION
Task: {69F2C2E3-67E9-4017-80C5-53AF4C57219D} - \{923203DE-C1CB-4A21-8372-3797BF8501D7} -> No File <==== ATTENTION
Task: {8DCA6C17-79AB-4F04-A427-ACF4CFFC3EB9} - \{24EF0A60-8584-4444-88AA-99721E0A20DD} -> No File <==== ATTENTION
Task: {94DA3493-8029-494F-83B3-4370BBF85374} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {9BA9B2A1-1C6E-4A65-BC4B-79B07611145C} - \{AA144057-932B-454A-876B-32124E725539} -> No File <==== ATTENTION
Task: {A44BC645-1275-474C-805E-3A2B86E107D0} - \{26020CD9-86B3-486E-AE55-5CC6E832F430} -> No File <==== ATTENTION
Task: {A93424AA-8E20-4791-9F8B-2770DEFAF3B4} - \AVG EUpdate Task -> No File <==== ATTENTION
Task: {AB009214-35CF-4B30-990E-9A024EB41164} - \{0A7CC92E-6616-4E39-9397-7915DB92F997} -> No File <==== ATTENTION
Task: {B4787CA1-8868-42C9-A2F3-E7509060820F} - \{1713EFA4-3D28-4049-89FA-A924470D4A51} -> No File <==== ATTENTION
Task: {BC4AC670-7E4E-4CCA-B449-84BC4FFC40C7} - \{60694184-C1CB-426D-BFAA-F300F21D1483} -> No File <==== ATTENTION
Task: {C86B011A-D6CD-4B90-BD35-1D72DB737963} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {DCB615E9-004C-4161-AEC2-7E8AE802E9F0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FA6FAEA2-CE54-4DA2-92C8-4402EF16CAAB} - \{04CA712C-9414-4FBD-BCE2-0DD7519B6679} -> No File <==== ATTENTION
File: C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\EMMSN.exe
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1179365018-2919913279-3888768026-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} => key removed successfully
HKLM\Software\Classes\CLSID\{B1B85507-7ACA-4AA1-83DF-3FE64C863FA6} => key not found. 
HKLM\System\CurrentControlSet\Services\HWDeviceService64.exe => key removed successfully
HWDeviceService64.exe => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
C:\Users\XTECH\AppData\Roaming\WB.CFG => moved successfully
C:\Users\XTECH\AppData\Local\DisableService.reg => moved successfully
C:\Users\XTECH\AppData\Local\regall.reg => moved successfully
C:\Users\XTECH\AppData\Local\service.inf => moved successfully
C:\Users\XTECH\AppData\Local\slerror.xml => moved successfully
C:\Users\XTECH\AppData\Local\tokensall.dat => moved successfully
 
========================= File: C:\ProgramData\rznaopga.sea ========================
 
File not signed
MD5: B585CA916EB0EFD820D3040B98A803FE
Creation and modification date: 2014-03-07 12:28 - 2014-03-07 12:28
Size: 0004919
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{08C82C50-CCD1-4828-9532-6F153C553A3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08C82C50-CCD1-4828-9532-6F153C553A3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1487339738 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C24544B-CFF5-4B8F-95B8-123028C8C29D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C24544B-CFF5-4B8F-95B8-123028C8C29D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{477B883D-6B6A-4313-AFF9-0CDDFEA4755D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{67607B88-A673-44C8-86F8-09E828BC9B0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67607B88-A673-44C8-86F8-09E828BC9B0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1483851649 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69F2C2E3-67E9-4017-80C5-53AF4C57219D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69F2C2E3-67E9-4017-80C5-53AF4C57219D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{923203DE-C1CB-4A21-8372-3797BF8501D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DCA6C17-79AB-4F04-A427-ACF4CFFC3EB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DCA6C17-79AB-4F04-A427-ACF4CFFC3EB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{24EF0A60-8584-4444-88AA-99721E0A20DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94DA3493-8029-494F-83B3-4370BBF85374} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94DA3493-8029-494F-83B3-4370BBF85374} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BA9B2A1-1C6E-4A65-BC4B-79B07611145C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BA9B2A1-1C6E-4A65-BC4B-79B07611145C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA144057-932B-454A-876B-32124E725539} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A44BC645-1275-474C-805E-3A2B86E107D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44BC645-1275-474C-805E-3A2B86E107D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{26020CD9-86B3-486E-AE55-5CC6E832F430} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A93424AA-8E20-4791-9F8B-2770DEFAF3B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93424AA-8E20-4791-9F8B-2770DEFAF3B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB009214-35CF-4B30-990E-9A024EB41164} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB009214-35CF-4B30-990E-9A024EB41164} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A7CC92E-6616-4E39-9397-7915DB92F997} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4787CA1-8868-42C9-A2F3-E7509060820F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4787CA1-8868-42C9-A2F3-E7509060820F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1713EFA4-3D28-4049-89FA-A924470D4A51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC4AC670-7E4E-4CCA-B449-84BC4FFC40C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4AC670-7E4E-4CCA-B449-84BC4FFC40C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{60694184-C1CB-426D-BFAA-F300F21D1483} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C86B011A-D6CD-4B90-BD35-1D72DB737963} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C86B011A-D6CD-4B90-BD35-1D72DB737963} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCB615E9-004C-4161-AEC2-7E8AE802E9F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCB615E9-004C-4161-AEC2-7E8AE802E9F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA6FAEA2-CE54-4DA2-92C8-4402EF16CAAB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA6FAEA2-CE54-4DA2-92C8-4402EF16CAAB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04CA712C-9414-4FBD-BCE2-0DD7519B6679} => key removed successfully
 
========================= File: C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\EMMSN.exe ========================
 
"C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\EMMSN.exe" => not found.
====== End of File: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7965677 B
Java, Flash, Steam htmlcache => 36362011 B
Windows/system/drivers => 1732990678 B
Edge => 0 B
Chrome => 4884480 B
Firefox => 5016146 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 85146 B
systemprofile32 => 4774606 B
LocalService => 66228 B
NetworkService => 0 B
XTECH => 16638372 B
 
RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 04:22:09 ====





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users