Премини към съдържанието

Препоръчан отговор


Здравейте,

вчера сканирах с mbam и откри някактв bitcoin miner. Уж се изтри, ама знам ли... Без антивирусна съм и може нещо да се е лепнало. Пазя се, ама то вече и торент тракерите не са безопастни...

 

Здравейте..! Ами време е да се замислите за по сериозна защита на системата си..Иначе ще сте често в нашия подраздел.

 

 

Деинсталирайте  по стандартния начин  следните програми:

 

Download Updater (AOL Inc.) (HKLM-x32...SoftwareUpdUtility) (Version:  - AOL Inc.)

Остатъците от Panda Cloud Antivirus

 

 

Публикувано изображение Изтеглете прикачения файл и го запазете там, където сте свалили FRST.exe => fixlist.txt

Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.

Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Тоя ъпдейтър го махнах, ама пандата не. Аз уж я деинсталирах със IObit Uninstaller и махнах каквото е останало...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-03-2014Ran by PC at 2014-03-03 21:07:50 Run:1Running from C:UsersPCDesktopBoot Mode: Normal==============================================Content of fixlist:*****************startC:ProgramDatahash.datC:UsersPCAppDataLocalTemp5e506dd108b185cf7114235dfabdfb41.dllC:UsersPCAppDataLocalTempBRSVC_1051204578_hlp.exeC:UsersPCAppDataLocalTempExPromo.exeC:UsersPCAppDataLocalTempriftuninstall.exeC:UsersPCAppDataLocalTemputt5C61.tmp.exeAlternateDataStreams: C:ProgramDataTEMP:A1EDB939end*****************C:ProgramDatahash.dat => Moved successfully.C:UsersPCAppDataLocalTemp5e506dd108b185cf7114235dfabdfb41.dll => Moved successfully.C:UsersPCAppDataLocalTempBRSVC_1051204578_hlp.exe => Moved successfully.C:UsersPCAppDataLocalTempExPromo.exe => Moved successfully.C:UsersPCAppDataLocalTempriftuninstall.exe => Moved successfully.C:UsersPCAppDataLocalTemputt5C61.tmp.exe => Moved successfully.C:ProgramDataTEMP => ":A1EDB939" ADS removed successfully.==== End of Fixlog ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

R1 NNSALPC; C:WindowsSystem32DRIVERSNNSAlpc.sys [98560 2014-02-14] (Panda Security, S.L.)

R1 NNSHTTP; C:WindowsSystem32DRIVERSNNSHttp.sys [164096 2014-02-14] (Panda Security, S.L.)

R1 NNSHTTPS; C:WindowsSystem32DRIVERSNNSHttps.sys [113408 2014-02-14] (Panda Security, S.L.)

R1 NNSIDS; C:WindowsSystem32DRIVERSNNSIds.sys [116992 2014-02-14] (Panda Security, S.L.)

R1 NNSNAHSL; C:WindowsSystem32DRIVERSNNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)

R1 NNSPICC; C:WindowsSystem32DRIVERSNNSPicc.sys [97536 2014-02-14] (Panda Security, S.L.)

R1 NNSPIHSW; C:WindowsSystem32DRIVERSNNSPihsw.sys [71424 2014-02-14] (Panda Security, S.L.)

R1 NNSPOP3; C:WindowsSystem32DRIVERSNNSPop3.sys [128256 2014-02-14] (Panda Security, S.L.)

R1 NNSPROT; C:WindowsSystem32DRIVERSNNSProt.sys [308992 2014-02-14] (Panda Security, S.L.)

R1 NNSPRV; C:WindowsSystem32DRIVERSNNSPrv.sys [171776 2014-02-14] (Panda Security, S.L.)

R1 NNSSMTP; C:WindowsSystem32DRIVERSNNSSmtp.sys [118016 2014-02-14] (Panda Security, S.L.)

R1 NNSSTRM; C:WindowsSystem32DRIVERSNNSStrm.sys [261888 2014-02-14] (Panda Security, S.L.)

R1 NNSTLSC; C:WindowsSystem32DRIVERSNNSTlsc.sys [110848 2014-02-14] (Panda Security, S.L.)

 

 

Висят драйвери на Panda Security затова ви писах.....! :)

Използвайте този инструмент: CloudAV Uninstaller  . Не забравяйте след приключване на работата на инструмента да рестартирате компютъра си.

 

Да направим и контролни сканирания:

 

СТЪПКА 1:

Публикувано изображениеМоля, изтеглете и стартирайте програмата AdwCleaner(by Xplode):

[*]Затворете всички стартирани програми и браузъри

[*]Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.

[*]Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.

[*]Маркирайте Clean

[*]Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.

[*]Моля, да публикувате съдържанието на този лог в отговора си

[*]Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

Публикувано изображение

 

СТЪПКА 2:

Публикувано изображение Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

[*]Спрете временно работата на защитните програми.

[*]Стартирайте инструмента JRT.exe

[*]Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.

[*]Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.

[*]Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).

[*]Моля копирайте съдържанието на лог файла в следващия си пост.

Публикувано изображение

 

 

СТЪПКА 3:

 

1.Изтеглете Hitman Pro.

[*]За 32-битова система - Публикувано изображение.

[*]За 64-битова система - Публикувано изображение

2.Стартирайте програмата.

3.След като сте стартирали програмата като кликнете върху иконата Публикувано изображение и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.

Забележка: Ако няма падащо меню, където да изберете ignore както на снимката

:

Публикувано изображение

...тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:ProgramdataHitmanProLogs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

 

 

СТЪПКА 4:

 

Публикувано изображение Изтеглете Security Check (автор: screen317) от тук

[*]Кликнете два пъти върху SecurityCheck.exe и следвайте инструкциите.

[*]Когато програмата завърши работата си, ще се отвори един текстов документ: checkup.txt.

[*]Копирайте съдържанието на checkup.txt с Копирай (Copy) и с Постави (Paste) го поставете в следващия си коментар.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

А нещо трябва ли да правя за тези драйвъри?

 

Ами аз съм ви писал с кой инструмент да ги премахнете..CloudAV Uninstaller

 

 

Публикувано изображениеИзтеглете прикачения файл и го запазете там, където сте свалили FRST.exe => fixlist.txt

Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.

Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.

След това моля архивирайте папката C:FRSTQuarantine и качете архива на следния адрес => http://file.bg/ и публикувайте линк за теглене в следващия си коментар...След това изтрийте архива, но не трийте папката...нея ще я изтрием по-специален начин.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

modedit: Линка е премахнат с цел безопасност от заразяване със зловреден софтуер.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014
Ran by PC at 2014-03-05 18:19:38 Run:2
Running from C:UsersPCDesktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:ProgramDataInstallMate{58495167-45C9-45C1-A72A-0DEB83AA7391}Custom.dll
C:UsersPCDesktop64bit
C:UsersPCDesktopcgminer-3.7.2-windows
C:UsersPCDesktopjhProtominer
C:UsersPCDropboxPublicserver.exe
end
*****************

C:ProgramDataInstallMate{58495167-45C9-45C1-A72A-0DEB83AA7391}Custom.dll => Moved successfully.
C:UsersPCDesktop64bit => Moved successfully.
C:UsersPCDesktopcgminer-3.7.2-windows => Moved successfully.
C:UsersPCDesktopjhProtominer => Moved successfully.
C:UsersPCDropboxPublicserver.exe => Moved successfully.

==== End of Fixlog ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..! Наблюдавате ли някакви проблеми от зловреден характер по системата ви..? Някакви нередности..?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Вече не. А и мисля, че след извършените процедури даже има подобрение за което искам да Ви благодаря!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Прекрасно..! :) За да премахнем използваните от нас инструменти направете следното:

Изтеглете следния файл и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи публикувайте лог файла - fixlog.txt, който ще се създаде след работата. Той трябва да изтрие карантинната папка на инструмента разположена в C:FRSTQuarantine.

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools и след това натиснете бутона Run
Инструмента ще се самоизтрие след като приключи своята задача!

Ако има инструменти, папки или логове от използваните от нас неща и те не са се изтрили при горе-споменатите процедури, ги изтрийте ръчно.
 
Препоръчвам програмата Malwarebytes' Anti-Malware да остане на вашия компютър и периодично да сканирате системата си с нея (поне един -два пъти в седмицата),като не забравяйте да обновите дефинициите и преди всяко сканиране..! Хубаво е да помислите за антивирусна защита,като подържате антивирусната си програма и ако използвате друг antispyware софтуер с актуални ъпдейти и сканирайте с тях редовно.
 
Стартирайте PatchMyPC и инсталирайте всички ъпдейти и обновления  които инструмента ви предложи.

Ако нямате повече въпроси и проблеми, ще маркирам случая като РЕШЕН.Пожелавам лека вечер и безопасен интернет..!

Поздрави! :)

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Още веднъж благодаря! Лека вечер!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014Ran by PC at 2014-03-05 19:57:39 Run:3Running from C:UsersPCDesktopBoot Mode: Normal==============================================Content of fixlist:*****************startDeleteQuarantine:end*****************C:FRSTQuarantine => Removed successfully.==== End of Fixlog ====

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Rada Beliata
      Здравейте, 
      Все още не съм успяла да си купя нов комп. С мъж-о ползваме неговия, преди няколко дена като пътувахме и ползвахме различен доставчик чрез телефон за връзка с мобилен  интернет изведнъж при отваряне на ИЕ (IE) вместо гугъл се появи Vivakom . Не можах по никакъв начин да го махна. Сега пи всеки опит да отворя Интернет Експлоер ми се появява страница на Виваком( не ползваме този доставчик на услуги нито като телефони , нито като домашен Интернет) . Нямам и идея от къде се настани и защо не успявам да го махна. Изтеглих  instrumenta Malwаrebytes , нищо не показа, после изтеглих и AdwCleaner , но и след тези ми действия това нахално "нещо" стои . Явно аз не съм в час какво трябва да направя. Моля за помощта ви и предварително благодаря!
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
      Ran by User (administrator) on USER-PC (28-09-2018 22:57:32)
      Running from C:\Users\User\Downloads
      Loaded Profiles: User (Available Profiles: User)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
      (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
      () C:\ProgramData\MobileBrServ\mbbService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
      (Microsoft Corporation) C:\Windows\System32\mspaint.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
      HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-05] (IDT, Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-25] (Synaptics Incorporated)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-18] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [*LABAL*] => [X]
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-05-14] (VoipConnect)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [35790408 2018-09-17] (Viber Media S.à r.l.)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50100160 2018-03-02] (Skype Technologies S.A.)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4F635613-A958-44D2-ABE6-D3CC1A3DABC3}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{7019DF92-BFEA-4C0F-A4AA-C467798353EB}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://online.bulbank.bg/capicom.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
      FireFox:
      ========
      FF DefaultProfile: aewkzmml.default
      FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\aewkzmml.default [2018-03-10]
      FF NetworkProxy: Mozilla\Firefox\Profiles\aewkzmml.default -> autoconfig_url", "hxxp://aiidatapro.net/proxy2.js"
      FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-14] ()
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-14] ()
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> msn.com
      CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> bing.com
      CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
      CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
      CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
      CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (Skype Calling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-06]
      CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
      CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
      CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-09-28]
      CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-19]
      CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
      CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
      CHR HKU\S-1-5-21-3914007145-2479916420-1064401623-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
      S2 JWC; C:\Jeppesen\JWC\JWC.exe [658016 2014-10-06] (Jeppesen)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
      R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-05] (IDT, Inc.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
      S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-25] (Disc Soft Ltd)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-27] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-28] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-28] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-28] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-28] (Malwarebytes)
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
      R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
      S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [444632 2013-09-26] (Realsil Semiconductor Corporation)
      R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
      S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
      S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
      S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
      S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
      S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
      S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
      S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
      S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
      S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:57 - 2018-09-28 22:59 - 000019536 _____ C:\Users\User\Downloads\FRST.txt
      2018-09-28 22:57 - 2018-09-28 22:57 - 000000000 ____D C:\FRST
      2018-09-28 22:56 - 2018-09-28 22:56 - 002414080 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
      2018-09-28 22:38 - 2018-09-28 22:38 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-09-28 22:38 - 2018-09-28 22:38 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-09-28 22:35 - 2018-09-28 22:35 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-09-28 22:27 - 2018-09-28 22:29 - 000000000 ____D C:\AdwCleaner
      2018-09-28 22:27 - 2018-09-28 22:27 - 007592144 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.2.4.0.exe
      2018-09-27 23:44 - 2018-09-27 23:44 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
      2018-09-27 23:44 - 2018-09-27 23:44 - 000000000 ____D C:\Users\User\AppData\Local\mbam
      2018-09-27 23:43 - 2018-09-27 23:43 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-09-27 23:43 - 2018-09-27 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-09-27 23:43 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
      2018-09-27 23:42 - 2018-09-27 23:43 - 080334792 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6985.exe
      2018-09-27 17:21 - 2018-09-27 17:21 - 000515494 _____ C:\Users\User\Downloads\20180621_BEG_Vacation Regulation for BEG FCM & CCM.pdf
      2018-09-27 11:00 - 2018-09-27 11:01 - 000656891 _____ C:\Users\User\Documents\viewtickets.pdf
      2018-09-26 13:36 - 2018-09-26 13:37 - 000000000 ____D C:\Users\User\AppData\Local\Viber
      2018-09-16 10:51 - 2018-09-16 10:51 - 000022032 _____ C:\Users\User\Desktop\molba-za-napuskane-na-rabota-na-osnovanie-chl325-t1-ot-kt.pdf
      2018-09-14 22:21 - 2018-09-14 22:21 - 000018446 _____ C:\Users\User\Downloads\Новата такса + нов фонд ремонт.xlsx
      2018-09-14 22:19 - 2018-09-14 22:19 - 000018453 _____ C:\Users\User\Downloads\Новата такса.xlsx
      2018-09-12 18:35 - 2018-08-31 18:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
      2018-09-12 18:35 - 2018-08-31 18:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-12 18:35 - 2018-08-30 04:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-30 04:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-09-12 18:35 - 2018-08-28 08:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
      2018-09-12 18:35 - 2018-08-24 22:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 21:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-12 18:35 - 2018-08-24 02:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 01:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 01:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-12 18:35 - 2018-08-24 01:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 01:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-12 18:35 - 2018-08-24 01:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 01:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 01:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 01:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-12 18:35 - 2018-08-24 01:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-12 18:35 - 2018-08-24 01:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 01:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-12 18:35 - 2018-08-24 01:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-12 18:35 - 2018-08-24 01:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-24 01:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-24 01:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-12 18:35 - 2018-08-24 01:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-12 18:35 - 2018-08-24 01:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-12 18:35 - 2018-08-24 01:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-12 18:35 - 2018-08-24 01:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-12 18:35 - 2018-08-24 01:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-12 18:35 - 2018-08-24 01:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-12 18:35 - 2018-08-24 01:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-12 18:35 - 2018-08-24 00:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-24 00:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-24 00:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-12 18:35 - 2018-08-24 00:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-12 18:35 - 2018-08-24 00:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-24 00:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-12 18:35 - 2018-08-24 00:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-12 18:35 - 2018-08-24 00:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-12 18:35 - 2018-08-24 00:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-12 18:35 - 2018-08-24 00:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-12 18:35 - 2018-08-24 00:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-12 18:35 - 2018-08-24 00:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-12 18:35 - 2018-08-24 00:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-12 18:35 - 2018-08-24 00:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-12 18:35 - 2018-08-24 00:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-12 18:35 - 2018-08-24 00:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-12 18:35 - 2018-08-23 23:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-12 18:35 - 2018-08-23 23:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-12 18:35 - 2018-08-23 23:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-12 18:35 - 2018-08-23 23:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-12 18:35 - 2018-08-23 23:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-12 18:35 - 2018-08-23 23:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-12 18:35 - 2018-08-23 23:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-12 18:35 - 2018-08-23 23:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-12 18:35 - 2018-08-23 23:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-12 18:35 - 2018-08-23 23:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-12 18:35 - 2018-08-23 23:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-12 18:35 - 2018-08-23 23:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-12 18:35 - 2018-08-23 23:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-12 18:35 - 2018-08-23 23:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-12 18:35 - 2018-08-13 18:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
      2018-09-12 18:35 - 2018-08-12 23:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-12 18:35 - 2018-08-12 23:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-12 18:35 - 2018-08-12 23:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
      2018-09-12 18:35 - 2018-08-12 23:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
      2018-09-12 18:35 - 2018-08-10 18:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-12 18:35 - 2018-08-10 18:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-12 18:35 - 2018-08-10 18:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-12 18:35 - 2018-08-10 18:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-12 18:35 - 2018-08-10 18:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-12 18:35 - 2018-08-10 18:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-12 18:35 - 2018-08-10 18:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-12 18:35 - 2018-08-10 18:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-12 18:35 - 2018-08-10 18:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-12 18:35 - 2018-08-10 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-12 18:35 - 2018-08-10 18:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-12 18:35 - 2018-08-10 18:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-12 18:35 - 2018-08-10 18:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-12 18:35 - 2018-08-10 18:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-12 18:35 - 2018-08-10 18:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-12 18:35 - 2018-08-10 18:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-12 18:35 - 2018-08-10 18:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-12 18:35 - 2018-08-10 18:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-12 18:35 - 2018-08-10 18:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-12 18:35 - 2018-08-10 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-12 18:35 - 2018-08-10 18:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-12 18:35 - 2018-08-10 18:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-12 18:35 - 2018-08-10 18:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-12 18:35 - 2018-08-10 18:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-12 18:35 - 2018-08-10 18:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-12 18:35 - 2018-08-10 18:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-12 18:35 - 2018-08-10 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-12 18:35 - 2018-07-29 18:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-12 18:35 - 2018-07-18 18:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
      2018-09-12 18:35 - 2018-06-27 16:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
      2018-09-12 18:35 - 2018-06-27 16:19 - 000419648 _____ C:\Windows\system32\locale.nls
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:44 - 2009-07-14 07:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-28 22:35 - 2016-08-05 16:18 - 000003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
      2018-09-28 22:34 - 2013-11-20 10:44 - 000001077 _____ C:\Windows\SysWOW64\bscs.ini
      2018-09-28 22:32 - 2016-08-05 16:18 - 000000061 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
      2018-09-28 22:31 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-28 13:43 - 2016-08-05 16:20 - 000000713 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
      2018-09-28 12:07 - 2009-07-14 08:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-28 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-27 23:43 - 2014-12-09 01:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-09-27 23:33 - 2017-06-11 18:30 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
      2018-09-27 10:07 - 2017-06-11 18:28 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
      2018-09-26 17:00 - 2016-08-05 16:22 - 000000680 _____ C:\Windows\SysWOW64\SHORTCUT.INI
      2018-09-26 13:44 - 2014-12-30 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2018-09-26 13:42 - 2017-03-06 15:12 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-19 18:08 - 2014-12-09 00:49 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-09-16 10:47 - 2016-10-20 11:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-14 20:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-14 18:44 - 2018-03-13 14:57 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-09-14 18:44 - 2014-08-21 19:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-09-14 18:44 - 2014-08-21 19:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-09-14 18:44 - 2014-08-21 19:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-09-14 18:44 - 2014-08-21 19:10 - 000000000 ____D C:\Windows\system32\Macromed
      2018-09-14 17:41 - 2014-08-18 17:35 - 000110008 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-09-14 17:38 - 2009-07-14 07:45 - 000410984 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-12 23:27 - 2014-08-18 19:28 - 000000000 ____D C:\Windows\system32\MRT
      2018-09-12 23:23 - 2014-08-18 19:28 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-09-12 23:20 - 2014-08-18 17:35 - 000767916 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-01 11:30 - 2018-03-31 21:36 - 000000000 ____D C:\Users\User\Desktop\Flying Book R.I
      ==================== Files in the root of some directories =======
      2016-05-14 21:19 - 2016-05-14 21:19 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
      2017-07-13 23:04 - 2017-07-13 23:04 - 000000000 _____ () C:\Users\User\AppData\Local\{08496EBD-3675-4FFD-9190-C60ED46C2602}
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-26 14:18
      ==================== End of FRST.txt ============================
       
      Addition.txt

    • от rvp
      здравейте,
       
      Проблема е че след рестарт или изключване процесът отива на 100% и трябва да го спирам ръчно. ето логовете:
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
      Ran by kpacko (administrator) on KPACKO-MOBILEPC (07-09-2018 10:02:30)
      Running from C:\Users\kpacko\Desktop
      Loaded Profiles: kpacko (Available Profiles: kpacko)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      () C:\Users\kpacko\AppData\Roaming\WinRAR\Precomp\precomp.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
      HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
      HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      IFEO\LogTransport2.exe: [Debugger] 0
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows.vbs [2018-02-26] ()
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EDC66EE9-FC63-456B-9263-6FA1362BFECA}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F056F4A9-7DE8-4608-90FE-D6F4B68785AC}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2772379611-2548023608-3356451699-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
      FireFox:
      ========
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      Chrome: 
      =======
      CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
      CHR Session Restore: Default -> is enabled.
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default [2018-09-07]
      CHR Extension: (Презентации) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Документи) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Диск) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-15]
      CHR Extension: (Auto Copy) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2018-01-11]
      CHR Extension: (YouTube) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-15]
      CHR Extension: (Forecastfox (fix version)) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2018-08-05]
      CHR Extension: (uBlock Origin) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-27]
      CHR Extension: (Таблици) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Google Документи офлайн) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
      CHR Extension: (Speed Dial 2 Нов раздел) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-28]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-15]
      CHR Extension: (Chrome Media Router) - C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-07]
      CHR Profile: C:\Users\kpacko\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-26]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
      S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-17] (Microsoft Corporation)
      R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [54192 2017-07-04] (CrystalIdea Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2017-09-16] (DT Soft Ltd)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-03-16] (NVIDIA Corporation)
      U4 AdobeARMservice; no ImagePath
      U3 SwitchBoard; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2018-09-07 10:03 - 000009284 _____ C:\Users\kpacko\Desktop\FRST.txt
      2018-09-07 10:02 - 2018-09-07 10:02 - 000000000 ____D C:\FRST
      2018-09-07 10:01 - 2018-09-07 10:01 - 002413056 _____ (Farbar) C:\Users\kpacko\Desktop\FRST64.exe
      2018-09-06 22:25 - 2018-09-06 13:48 - 000083968 _____ C:\Users\kpacko\Desktop\Working_Schedule_01-10_Sep_Update_4.xls
      2018-09-04 00:43 - 2018-08-03 18:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
      2018-09-04 00:43 - 2018-08-02 06:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-09-04 00:43 - 2018-08-02 06:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-09-04 00:43 - 2018-08-02 06:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2018-09-04 00:43 - 2018-08-02 05:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2018-09-04 00:43 - 2018-08-02 05:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2018-09-04 00:43 - 2018-08-02 05:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-09-04 00:43 - 2018-08-02 05:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-09-04 00:43 - 2018-08-02 05:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-09-04 00:43 - 2018-08-02 05:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-09-04 00:43 - 2018-08-02 05:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-09-04 00:43 - 2018-08-02 05:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
      2018-09-04 00:43 - 2018-08-02 05:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2018-09-04 00:43 - 2018-08-02 05:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2018-09-04 00:43 - 2018-08-02 05:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2018-09-04 00:43 - 2018-08-02 05:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2018-09-04 00:43 - 2018-08-02 05:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2018-09-04 00:43 - 2018-08-02 05:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2018-09-04 00:43 - 2018-07-20 02:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-20 01:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2018-09-04 00:43 - 2018-07-19 07:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-09-04 00:43 - 2018-07-19 07:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-09-04 00:43 - 2018-07-19 07:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-09-04 00:43 - 2018-07-19 07:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 07:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 07:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 07:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-09-04 00:43 - 2018-07-19 07:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 07:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-09-04 00:43 - 2018-07-19 07:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 07:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2018-09-04 00:43 - 2018-07-19 07:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-09-04 00:43 - 2018-07-19 07:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2018-09-04 00:43 - 2018-07-19 07:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 07:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2018-09-04 00:43 - 2018-07-19 07:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 07:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-09-04 00:43 - 2018-07-19 07:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2018-09-04 00:43 - 2018-07-19 07:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-09-04 00:43 - 2018-07-19 07:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2018-09-04 00:43 - 2018-07-19 06:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2018-09-04 00:43 - 2018-07-19 06:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2018-09-04 00:43 - 2018-07-19 06:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2018-09-04 00:43 - 2018-07-19 06:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2018-09-04 00:43 - 2018-07-19 06:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-09-04 00:43 - 2018-07-19 06:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2018-09-04 00:43 - 2018-07-19 06:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2018-09-04 00:43 - 2018-07-19 06:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2018-09-04 00:43 - 2018-07-19 06:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2018-09-04 00:43 - 2018-07-19 06:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2018-09-04 00:43 - 2018-07-19 06:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2018-09-04 00:43 - 2018-07-19 06:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2018-09-04 00:43 - 2018-07-19 06:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2018-09-04 00:43 - 2018-07-19 06:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2018-09-04 00:43 - 2018-07-19 06:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2018-09-04 00:43 - 2018-07-19 06:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2018-09-04 00:43 - 2018-07-19 06:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2018-09-04 00:43 - 2018-07-19 06:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-19 06:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2018-09-04 00:43 - 2018-07-19 06:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2018-09-04 00:43 - 2018-07-13 22:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-09-04 00:43 - 2018-07-13 22:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-09-04 00:43 - 2018-07-08 19:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 19:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-09-04 00:43 - 2018-07-08 19:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-09-04 00:43 - 2018-07-08 18:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2018-09-04 00:43 - 2018-07-08 18:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2018-09-04 00:43 - 2018-07-06 19:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-09-04 00:43 - 2018-07-06 19:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
      2018-09-04 00:43 - 2018-07-06 18:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
      2018-09-04 00:43 - 2018-06-29 18:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
      2018-09-04 00:43 - 2018-06-29 18:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
      2018-09-04 00:43 - 2018-06-29 18:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
      2018-09-04 00:43 - 2018-06-27 19:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-09-04 00:43 - 2018-06-27 18:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-09-04 00:43 - 2018-06-27 18:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
      2018-09-04 00:43 - 2018-06-27 18:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
      2018-09-04 00:43 - 2018-06-27 18:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
      2018-09-04 00:43 - 2018-06-27 18:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-09-04 00:43 - 2018-06-27 18:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
      2018-09-04 00:43 - 2018-06-16 08:11 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
      2018-09-04 00:43 - 2018-06-13 19:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-09-04 00:43 - 2018-06-13 19:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-13 18:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2018-09-04 00:43 - 2018-06-13 18:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
      2018-09-04 00:43 - 2018-06-08 19:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 19:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
      2018-09-04 00:43 - 2018-06-08 19:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
      2018-09-04 00:43 - 2018-06-08 18:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
      2018-09-04 00:43 - 2018-06-08 18:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
      2018-09-04 00:43 - 2018-06-08 18:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
      2018-09-04 00:43 - 2018-06-07 19:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
      2018-09-04 00:43 - 2018-06-07 18:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-09-04 00:43 - 2018-06-07 18:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
      2018-09-04 00:43 - 2018-05-15 06:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
      2018-09-04 00:43 - 2018-05-15 06:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
      2018-09-04 00:43 - 2018-05-15 06:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
      2018-09-04 00:43 - 2018-05-15 06:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
      2018-09-04 00:43 - 2018-05-15 06:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
      2018-09-04 00:43 - 2018-05-12 05:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-09-04 00:43 - 2018-05-12 05:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-09-04 00:43 - 2018-05-12 00:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2018-09-04 00:43 - 2018-05-11 03:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2018-09-04 00:43 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2018-09-04 00:43 - 2018-04-25 19:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
      2018-09-04 00:43 - 2018-04-25 18:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-09-04 00:43 - 2018-04-23 02:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
      2018-09-04 00:43 - 2018-04-18 19:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 19:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
      2018-09-04 00:43 - 2018-04-18 18:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
      2018-09-04 00:43 - 2018-04-18 18:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
      2018-09-04 00:43 - 2018-04-18 18:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
      2018-09-04 00:43 - 2018-04-11 19:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2018-09-04 00:43 - 2018-04-11 19:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
      2018-09-04 00:43 - 2018-04-10 19:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
      2018-09-04 00:43 - 2018-04-10 19:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
      2018-09-04 00:43 - 2018-04-10 19:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
      2018-09-04 00:43 - 2018-04-10 19:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
      2018-09-04 00:43 - 2018-04-10 18:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-09-04 00:43 - 2018-04-10 18:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-09-04 00:43 - 2018-04-07 19:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-09-04 00:43 - 2018-03-14 20:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-09-04 00:43 - 2018-03-14 20:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 20:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
      2018-09-04 00:43 - 2018-03-14 19:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-09-04 00:43 - 2018-03-14 19:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-09-04 00:43 - 2018-03-14 19:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-09-04 00:43 - 2018-03-14 19:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
      2018-09-04 00:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
      2018-09-04 00:43 - 2018-03-06 21:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-09-04 00:43 - 2018-02-22 06:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-09-04 00:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
      2018-09-04 00:43 - 2018-02-10 21:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-09-04 00:43 - 2018-02-10 21:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-09-04 00:43 - 2018-02-10 21:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-09-04 00:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2018-09-04 00:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 21:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-09-04 00:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-02-10 20:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-09-04 00:43 - 2018-02-10 20:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-09-04 00:43 - 2018-01-12 19:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
      2018-09-04 00:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
      2018-09-04 00:43 - 2018-01-11 19:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-09-04 00:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
      2018-09-04 00:43 - 2018-01-01 05:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-09-04 00:43 - 2018-01-01 05:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-09-04 00:43 - 2018-01-01 05:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 05:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-09-04 00:43 - 2018-01-01 05:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-09-04 00:43 - 2018-01-01 05:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
      2018-09-04 00:43 - 2018-01-01 05:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
      2018-09-04 00:43 - 2018-01-01 05:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
      2018-09-04 00:43 - 2018-01-01 04:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
      2018-09-04 00:43 - 2018-01-01 04:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-09-04 00:43 - 2018-01-01 04:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
      2018-09-04 00:43 - 2018-01-01 04:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
      2018-09-04 00:43 - 2018-01-01 04:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-09-04 00:43 - 2018-01-01 04:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
      2018-09-04 00:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
      2018-09-04 00:43 - 2018-01-01 04:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-09-04 00:43 - 2017-12-05 20:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-09-04 00:43 - 2017-12-05 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
      2018-09-04 00:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
      2018-09-04 00:43 - 2017-12-05 19:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-09-04 00:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
      2018-09-04 00:42 - 2018-08-03 18:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
      2018-09-04 00:42 - 2018-08-02 06:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2018-09-04 00:42 - 2018-08-02 06:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-09-04 00:42 - 2018-08-02 06:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-09-04 00:42 - 2018-08-02 06:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2018-09-04 00:42 - 2018-08-02 05:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-09-04 00:42 - 2018-08-02 05:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-09-04 00:42 - 2018-08-02 05:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2018-09-04 00:42 - 2018-08-02 05:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2018-09-04 00:42 - 2018-08-02 05:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2018-09-04 00:42 - 2018-07-19 09:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-09-04 00:42 - 2018-07-19 07:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 19:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 19:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-09-04 00:42 - 2018-07-08 18:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2018-09-04 00:42 - 2018-07-08 18:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2018-09-04 00:42 - 2018-07-08 18:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2018-09-04 00:42 - 2018-07-07 18:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-09-04 00:42 - 2018-07-06 19:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
      2018-09-04 00:42 - 2018-07-06 18:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
      2018-09-04 00:42 - 2018-06-29 18:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-09-04 00:42 - 2018-06-27 18:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-09-04 00:42 - 2018-06-27 18:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
      2018-09-04 00:42 - 2018-06-21 06:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-09-04 00:42 - 2018-06-21 06:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2018-09-04 00:42 - 2018-06-16 08:24 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
      2018-09-04 00:42 - 2018-06-16 08:11 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-09-04 00:42 - 2018-06-13 19:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-09-04 00:42 - 2018-06-13 19:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-09-04 00:42 - 2018-06-08 19:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
      2018-09-04 00:42 - 2018-06-08 18:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 18:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-09-04 00:42 - 2018-06-08 16:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-09-04 00:42 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-09-04 00:42 - 2018-06-07 19:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-09-04 00:42 - 2018-06-07 19:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-09-04 00:42 - 2018-05-15 07:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-09-04 00:42 - 2018-05-15 06:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
      2018-09-04 00:42 - 2018-05-15 06:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
      2018-09-04 00:42 - 2018-05-15 06:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
      2018-09-04 00:42 - 2018-05-12 00:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2018-09-04 00:42 - 2018-05-02 18:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2018-09-04 00:42 - 2018-05-02 18:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2018-09-04 00:42 - 2018-04-23 03:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
      2018-09-04 00:42 - 2018-04-11 19:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2018-09-04 00:42 - 2018-04-11 19:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2018-09-04 00:42 - 2018-04-10 19:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
      2018-09-04 00:42 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2018-09-04 00:42 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
      2018-09-04 00:42 - 2018-03-06 21:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-09-04 00:42 - 2018-03-06 21:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-09-04 00:42 - 2018-02-10 21:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-09-04 00:42 - 2018-02-10 21:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-09-04 00:42 - 2018-02-10 20:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-09-04 00:42 - 2018-02-10 20:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-09-04 00:42 - 2018-01-01 05:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
      2018-09-04 00:42 - 2018-01-01 05:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
      2018-09-04 00:42 - 2018-01-01 05:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
      2018-09-04 00:42 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
      2018-09-04 00:42 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
      2018-09-04 00:42 - 2018-01-01 04:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-09-04 00:42 - 2018-01-01 04:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
      2018-09-04 00:42 - 2017-12-05 20:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-09-04 00:42 - 2017-12-05 20:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-09-04 00:42 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
      2018-08-13 10:45 - 2018-08-13 10:45 - 000000000 ____D C:\Program Files\qBittorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-07 10:02 - 2017-09-16 15:50 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\qBittorrent
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:53 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-07 07:51 - 2009-07-14 08:13 - 000772130 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-07 07:51 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-07 07:49 - 2017-09-15 22:54 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-07 07:45 - 2017-09-16 17:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-09-07 07:45 - 2017-09-15 18:18 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-09-07 07:45 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-07 00:19 - 2017-10-22 09:50 - 000000000 ____D C:\Users\kpacko\AppData\Local\CrashDumps
      2018-09-06 23:59 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\rescache
      2018-09-04 22:42 - 2017-09-17 23:54 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\FileZilla
      2018-09-04 00:58 - 2009-07-14 07:45 - 000295648 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-09-04 00:56 - 2017-09-16 19:15 - 000000000 ____D C:\Windows\system32\appraiser
      2018-09-04 00:56 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-09-04 00:51 - 2017-07-17 23:37 - 000756356 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2018-09-02 00:28 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\AppData\Roaming\ViberPC
      2018-09-02 00:27 - 2018-07-02 00:59 - 000000000 ____D C:\Users\kpacko\AppData\Local\Viber
      2018-09-02 00:26 - 2017-10-02 14:41 - 000000000 ____D C:\Users\kpacko\Documents\ViberDownloads
      2018-08-19 17:49 - 2017-11-02 01:00 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-08 00:53 - 2017-10-02 09:30 - 000000000 ____D C:\Users\kpacko\AppData\Local\ElevatedDiagnostics
      2018-08-08 00:53 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2018-05-04 13:56 - 2018-05-01 20:53 - 001527138 _____ () C:\Users\kpacko\AppData\Roaming\ccseetup542pro.exe
      2018-05-04 13:56 - 2018-04-30 15:50 - 015816144 ____R (Piriform Ltd) C:\Users\kpacko\AppData\Roaming\ccsetup542pro.exe
      2018-05-04 13:56 - 2018-03-12 20:36 - 001371485 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542proo.exe
      2018-05-04 13:56 - 2018-03-12 20:34 - 000211375 _____ () C:\Users\kpacko\AppData\Roaming\ccsetup542prro.exe
      2017-11-30 16:35 - 2018-02-22 12:29 - 000007603 _____ () C:\Users\kpacko\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2018-04-30 12:09 - 2018-04-30 12:09 - 011491456 _____ (Raxco Software, Inc.                                        ) C:\Users\kpacko\AppData\Local\Temp\PD140p_x64.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-06 23:52
      ==================== End of FRST.txt ============================
      Addition.txt
    • от мирослав24
      Здравейте,сблъсках се със следния проблем-неизвестно лице или лица правят опити за проникване в мои акаунти в електронни  пощи и  сайтове където съм се регистрирал.Получих писмо от единия сайт че е правен опит за вписване с моето потребителско име,но с грешна парола,и аналогично съобщение от е-майл провайдър.Ползвам десктоп компютър и лаптоп и не знам дали някое от устройствата не е със зловреден софтуер.Видимо нямам проблеми с машините,освен че и на двата компютъра като исках да си сменя паролата на един сайт,ми излезе прозорец с искане да си напиша електронната поща с който съм регистриран в сайта и като я написах след това ми излезе втори прозорец с подкана да напиша и паролата си за съответната поща.Нищо не смених в крайна сметка докато не установя къде е проблема.Изпращам резултатите от сканиране с FRST на настолния компютър :
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
      Ran by User1 (administrator) on PC1 (30-08-2018 15:49:50)
      Running from C:\Documents and Settings\User1\Desktop
      Loaded Profiles: User1 (Available Profiles: User1 & User2 & Administrator)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      (Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
      () C:\WINDOWS\tsnpstd3.exe
      () C:\WINDOWS\vsnpstd3.exe
      () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
      (BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
      (MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2006-06-19] ()
      HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()
      HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
      HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Messenger (Yahoo!)] => "F:\SKYPE_~1\yahoo\Messenger\YahooMessenger.exe" -quiet
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [395640 2011-05-02] (BitTorrent, Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-12-02] (Google Inc.)
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
      HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-27] (Adobe Systems Incorporated)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-03-28]
      ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2018-08-30]
      ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\..\Interfaces\{0227FD86-8C54-4C88-8029-3F44137A8ADF}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{1524681E-CD57-4084-9846-709C0A2CC0ED}: [NameServer] 192.168.100.40,192.168.100.140
      Internet Explorer:
      ==================
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-220523388-412668190-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_152\bin\ssv.dll [2017-12-08] (Oracle Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_152\bin\jp2ssv.dll [2017-12-08] (Oracle Corporation)
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-08] ()
      FF Plugin: @java.com/DTPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\dtplugin\npDeployJava1.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\plugin2\npjp2.dll [2017-12-08] (Oracle Corporation)
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\User1\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin HKU\S-1-5-21-220523388-412668190-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\User1\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-27] (Adobe Systems Incorporated) [File not signed]
      S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
      R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
      R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
      R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo)
      R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
      S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
      R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-06-04] (Hewlett-Packard Co.) [File not signed]
      S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation)
      R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
      R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
      R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
      S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
      S3 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
      R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
      R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
      R3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
      R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
      R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
      R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
      R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
      S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
      S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
      R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
      R3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
      R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
      R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
      R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [175008 2016-04-28] (BitDefender LLC)
      R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP)
      R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP)
      R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP)
      R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
      R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4368896 2006-08-15] (Realtek Semiconductor Corp.) [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
      R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
      R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
      R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
      R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
      R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
      R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
      R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
      R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
      S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
      S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-17] (Microsoft Corporation) [File not signed]
      R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
      R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
      S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
      R3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
      S3 catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [X]
      S4 IntelIde; no ImagePath
      S2 StarOpen; no ImagePath
      S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
      S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:49 - 2018-08-30 15:50 - 000014109 _____ C:\Documents and Settings\User1\Desktop\FRST.txt
      2018-08-30 15:15 - 2018-08-30 15:15 - 001773568 _____ (Farbar) C:\Documents and Settings\User1\Desktop\FRST.exe
      2018-08-10 12:36 - 2018-08-10 12:40 - 000000000 ____D C:\Documents and Settings\User2\Desktop\куче Анжело 0887999938
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-30 15:50 - 2015-07-18 13:46 - 000000000 ____D C:\Documents and Settings\User1\Local Settings\temp
      2018-08-30 15:49 - 2018-03-26 11:31 - 000000000 ____D C:\FRST
      2018-08-30 15:48 - 2011-05-02 12:46 - 000000000 ____D C:\Documents and Settings\User1\Application Data\uTorrent
      2018-08-30 15:31 - 2011-05-02 12:44 - 000000000 ____D C:\Program Files\Opera
      2018-08-30 14:58 - 2016-02-20 13:25 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2018-08-30 14:58 - 2015-06-22 14:14 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      2018-08-30 14:58 - 2011-05-02 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-30 14:57 - 2018-03-27 15:50 - 000032638 _____ C:\WINDOWS\SchedLgU.Txt
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000178 ___SH C:\Documents and Settings\User1\ntuser.ini
      2018-08-30 14:57 - 2011-05-02 12:10 - 000000000 ____D C:\Documents and Settings\User1
      2018-08-30 14:55 - 2013-03-08 15:11 - 000001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003UA.job
      2018-08-30 14:47 - 2015-04-26 09:48 - 000000000 ____D C:\Documents and Settings\User2\Application Data\Skype
      2018-08-30 14:47 - 2011-05-02 13:28 - 000000000 ____D C:\Documents and Settings\User2\Local Settings\Temp
      2018-08-30 12:55 - 2013-03-08 15:11 - 000001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-412668190-1417001333-1003Core.job
      2018-08-30 07:50 - 2001-08-23 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
      2018-08-25 12:48 - 2017-01-16 13:16 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
      2018-08-25 12:48 - 2011-05-02 10:10 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-08-09 12:25 - 2011-05-16 16:38 - 000000000 ____D C:\Program Files\Recuva
      2018-08-02 14:29 - 2013-12-09 13:51 - 000000000 ____D C:\Documents and Settings\User2\Desktop\образци PDF
      ==================== Files in the root of some directories =======
      2011-05-02 13:33 - 2014-09-24 16:20 - 000014848 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-01-01 13:07 - 2014-01-01 13:07 - 000000036 _____ () C:\Documents and Settings\User1\Local Settings\Application Data\housecall.guid.cache
      2011-05-15 13:35 - 2011-05-15 13:35 - 000000056 _____ () C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
      2017-09-02 12:57 - 2018-04-11 15:32 - 000021736 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => MD5 is legit
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • от d1cho
      Привет преди два дни ми изпищя windows defender-a и антивируснта програма,пише, че гадината е Trojan:Win32/Killav.DR. Компютрите са в мрежа, единя е с vista business 64 bit, a другия с windows 10 32bit. Този с vistata не ми да ва да включа защитната стена и да инсталриам антивирусна. Мъчих компютъра с windows 10 с различни антивирусни понеже ми позволява да инсталриам,но само ги слага под карантина,а мен ме е страх да ги трия понеже имаме софтуер за работа и ме тревожи да не би да повредя нещо и да замине информацията.
      Моля за съдействие, понеже е почти невъзможно да се работи на компютрите.
      Ето тоша ми е от лог файла на компѝтъра с вистата FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by DBPROTOOLS (administrator) on DBPROTOOLS-PC (17-08-2018 10:17:44)
      Running from C:\Users\DBPROTOOLS\Desktop
      Loaded Profiles: DBPROTOOLS (Available Profiles: DBPROTOOLS)
      Platform: Windows Vista (TM) Business Service Pack 2 (X64) Language: English (United States)
      Internet Explorer Version 7 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Windows\zqmeyojeujuakpbxqoc.exe
      (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [mqzelo] => C:\Windows\fuoewkdwkxgksvfzq.exe [503808 2018-08-17] ()
      HKLM-x32\...\Run: [qapanwkyhpts] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] () <==== ATTENTION
      HKLM-x32\...\RunOnce: [zeoucgp] => mebupgcypfryjpcztshe.exe .
      HKLM-x32\...\RunOnce: [tcqamuhucjm] => C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe . [503808 2018-08-16] () <==== ATTENTION
      HKLM\...\Policies\Explorer\Run: [oufmvaku] => C:\Windows\zqmeyojeujuakpbxqoc.exe [503808 2018-08-16] ()
      HKLM\...\Policies\Explorer\Run: [bemqw] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [fmygqwhsy] => C:\Windows\oezqjysmbpzenrcxpm.exe [503808 2018-08-17] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [mqzelo] => C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [ygtcnugszf] => fuoewkdwkxgksvfzq.exe .
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [zeoucgp] => C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe . [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Policies\system: [DisableRegistryTools] 1
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {175dbd82-9a45-11e8-861a-0019990d7d87} - E:\tyquftktfbz.bat
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {1b56a57f-9a44-11e8-a149-8748c642f7d2} - E:\setup.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Tcpip\..\Interfaces\{16F65250-913D-4F56-B2DA-49AF5C765191}: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKU\S-1-5-21-3181692578-1277306937-1901717452-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      FireFox:
      ========
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
      CHR Extension: (Slides) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-07]
      CHR Extension: (Docs) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-07]
      CHR Extension: (Google Drive) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-07]
      CHR Extension: (YouTube) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-07]
      CHR Extension: (Sheets) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-07]
      CHR Extension: (Google Docs Offline) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-07]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-07]
      CHR Extension: (Gmail) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-07]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 10:17 - 2018-08-17 10:18 - 000008964 _____ C:\Users\DBPROTOOLS\Desktop\FRST.txt
      2018-08-17 10:16 - 2018-08-17 10:17 - 000000000 ____D C:\FRST
      2018-08-17 10:15 - 2018-08-17 10:15 - 002412544 _____ (Farbar) C:\Users\DBPROTOOLS\Desktop\FRST64.exe
      2018-08-17 09:35 - 2018-08-17 09:36 - 046625016 _____ (Microsoft Corporation) C:\Users\DBPROTOOLS\Downloads\Windows-KB890830-x64-V5.63.exe
      2018-08-16 12:03 - 2018-08-16 12:03 - 000000000 ____D C:\ProgramData\AVG
      2018-08-16 12:02 - 2018-08-16 11:36 - 007460520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\DBPROTOOLS\Desktop\avg_antivirus_free_setup.exe
      2018-08-15 16:13 - 2018-08-15 16:33 - 000038147 _____ C:\Users\DBPROTOOLS\Documents\ПРОТОКОЛ КОНСИГНАЦИЯ.odt
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\SysWOW64\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-15 10:03 - 000503808 __RSH C:\Windows\SysWOW64\busmiaxumdqykrfdyyomf.exe
      2018-08-08 19:55 - 2018-08-08 19:55 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control8.lnk
      2018-08-08 19:53 - 2018-08-08 19:54 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control7.lnk
      2018-08-08 10:50 - 2018-08-08 10:51 - 000000000 ___HD C:\Program Files (x86)\Temp
      2018-08-08 10:49 - 2018-08-08 10:49 - 020227746 _____ C:\Users\DBPROTOOLS\Downloads\FTS_RealtekHDAudio_6015911_1039707.zip
      2018-08-08 10:36 - 2018-08-08 10:36 - 000529696 _____ (Fujitsu) C:\Users\DBPROTOOLS\Downloads\AutoDetect_CR.exe
      2018-08-08 10:19 - 2018-08-08 10:19 - 000870768 _____ (PDFLogic Corporation ) C:\Users\DBPROTOOLS\Downloads\pdfvista.exe
      2018-08-08 10:14 - 2018-08-08 10:14 - 000127389 _____ C:\Users\DBPROTOOLS\Downloads\received_1656658347796650.jpeg
      2018-08-08 09:51 - 2018-08-08 09:51 - 000131068 _____ C:\Users\DBPROTOOLS\Downloads\ACFrOgD5qMx8urBDsFoSA7F_JPxuDeiEhFOgmeQLIU44kuc2fxOLoZfY-xq9ebf1sM-mw4X0coR12Y2kOz69foLufsDyMtHGIiFwi_Ya2E4BRTKHCOlw-VxJoiTp7S8=
      2018-08-08 09:41 - 2018-08-08 09:41 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup (1).exe
      2018-08-08 09:40 - 2018-08-16 12:03 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\YcanPDF
      2018-08-08 09:39 - 2018-08-08 09:39 - 003451040 _____ (PDFZilla, Inc. ) C:\Users\DBPROTOOLS\Downloads\freepdfreader.exe
      2018-08-07 17:15 - 2018-08-07 17:15 - 000008192 ___RS C:\BOOTSECT.BAK
      2018-08-07 17:15 - 2018-08-07 16:22 - 000000000 ____D C:\Windows\Panther
      2018-08-07 17:15 - 2009-04-11 19:22 - 000333257 __RSH C:\bootmgr
      2018-08-07 16:21 - 2018-08-07 16:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
      2018-08-07 16:18 - 2018-08-07 16:18 - 000000000 ____D C:\Windows\CSC
      2018-08-07 12:34 - 2018-08-07 12:34 - 000044749 _____ C:\Users\DBPROTOOLS\Downloads\logo_db_protools.pdf
      2018-08-07 12:29 - 2018-08-07 12:29 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\DBPROTOOLS\Downloads\readerdc_en_ha_install.exe
      2018-08-07 12:27 - 2018-08-07 12:27 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup.exe
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 12:19 - 2018-08-07 12:19 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Оферти Доставчици
      2018-08-07 12:16 - 2018-08-07 12:16 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\ControlCenter4
      2018-08-07 12:13 - 2018-08-07 12:13 - 000001975 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
      2018-08-07 12:13 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\ProgramData\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\BrownyInd
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Browny02
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Brother
      2018-08-07 12:11 - 2012-12-14 04:31 - 000180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000113744 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
      2018-08-07 12:11 - 2012-12-14 04:31 - 000077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
      2018-08-07 12:11 - 2012-12-14 04:29 - 000000050 _____ C:\Windows\system32\BRADM12A.DAT
      2018-08-07 12:11 - 2012-12-13 19:00 - 000226816 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM12A.DLL
      2018-08-07 12:11 - 2012-10-19 15:07 - 001441792 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi212c.dll
      2018-08-07 12:11 - 2012-10-19 15:03 - 000054272 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi12c.dll
      2018-08-07 12:11 - 2012-07-06 13:56 - 000012800 _____ (Brother Industries Ltd.) C:\Windows\system32\BrCiImg.dll
      2018-08-07 12:11 - 2011-09-08 12:36 - 000279040 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
      2018-08-07 12:10 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Brother
      2018-08-07 12:10 - 2018-08-07 12:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2018-08-07 12:10 - 2012-11-02 18:15 - 000245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
      2018-08-07 12:10 - 2012-02-02 11:21 - 000002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
      2018-08-07 12:10 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
      2018-08-07 12:10 - 2007-12-13 22:16 - 000005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
      2018-08-07 12:09 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Brother
      2018-08-07 12:09 - 2018-08-07 12:09 - 000000000 ____D C:\Users\DBPROTOOLS\Downloads\install
      2018-08-07 12:08 - 2018-08-07 12:08 - 141297272 _____ (A.I.SOFT,INC.) C:\Users\DBPROTOOLS\Downloads\DCP-1510-inst-A1-eeu.EXE
      2018-08-07 10:22 - 2018-08-07 10:22 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\OpenOffice
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000985 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:44 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 (bg) Installation Files
      2018-08-07 09:40 - 2018-08-07 09:40 - 013057882 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_langpack_bg.exe
      2018-08-07 09:40 - 2018-08-07 09:40 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 Language Pack (Bulgarian) Installation Files
      2018-08-07 09:39 - 2018-08-07 09:40 - 129515834 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_bg.exe
      2018-08-07 09:34 - 2018-08-07 09:34 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Нова папка
      2018-08-07 09:34 - 2013-06-28 14:49 - 001732096 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
      2018-08-07 09:31 - 2018-08-07 09:32 - 245571584 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_5.4.7_Win_x64.msi
      2018-08-07 07:22 - 2018-08-08 09:45 - 000054608 _____ C:\Users\DBPROTOOLS\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000979 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000974 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000949 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 07:21 - 2018-08-10 15:00 - 000000000 ____D C:\Users\DBPROTOOLS
      2018-08-07 07:21 - 2018-08-07 12:20 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\VirtualStore
      2018-08-07 07:21 - 2018-08-07 07:22 - 000000915 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
      2018-08-07 07:21 - 2018-08-07 07:21 - 000000020 ___SH C:\Users\DBPROTOOLS\ntuser.ini
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 00:52 - 2018-08-16 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000870 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-07 00:52 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\TeamViewer
      2018-08-07 00:51 - 2018-08-07 00:51 - 020688888 _____ (TeamViewer GmbH) C:\Users\DBPROTOOLS\Downloads\TeamViewer_Setup.exe
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Google
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Deployment
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Apps\2.0
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Program Files (x86)\Google
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-08-06 19:35 - 2018-08-06 19:35 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\TeamViewer
      2018-08-06 16:30 - 2018-08-06 16:30 - 000000693 _____ C:\Users\DBPROTOOLS\Desktop\Downloads - Shortcut.lnk
      2018-08-06 16:29 - 2018-08-06 16:29 - 000000000 ____D C:\Program Files (x86)\GUM4368.tmp
      2018-08-06 14:37 - 2018-08-06 14:38 - 274317312 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_6.0.6_Win_x64.msi
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-16 17:08 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\inf
      2018-08-16 17:08 - 2006-11-02 15:46 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-16 17:01 - 2006-11-02 18:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-16 14:51 - 2006-11-02 18:38 - 000011762 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-08-08 09:44 - 2006-11-02 18:20 - 000256016 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-07 17:15 - 2006-11-02 18:05 - 000262144 _____ C:\Windows\system32\config\BCD-Template
      2018-08-07 09:44 - 2006-11-02 16:33 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-08-07 09:43 - 2006-11-02 16:34 - 000000000 ____D C:\Windows\system32\NDF
      2018-08-07 07:21 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\rescache
      ==================== Files in the root of some directories =======
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H () C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H () C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H () C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      Files to move or delete:
      ====================
      C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe .
      C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe .

      Some files in TEMP:
      ====================
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000327680 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\gegdhvgwcqz.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000708608 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-17 05:08
      ==================== End of FRST.txt ============================
      Addition.txt
    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      това беше открито снощи 
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.