Премини към съдържанието

    Препоръчан отговор


    Maniac    1327

    Здравейте!

    Стъпка 1

    Изтеглете fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

    Стартирайте FRST.exe и натиснете бутона Fix веднъж!

    След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

     

    Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

    Стъпка 2

    Моля, изтеглете Malwarebytes Anti-Malware 2.1.6.1022 и я запазете на вашия десктоп.

    • Стартирайте файла mbam-setup-2.0.3.1025.exe и следвайте указанията за да инсталирате програмата.
    • След като инсталацията приключи се уверете че сте сложили отметка пред:
    • Launch Malwarebytes Anti-Malware
    • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката.
    • Натиснете бутона Finish.
    • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
    • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
    • Ще започне проверка за зловреден софтуер.
    • При някои инфекции можете да видите съобщението:
    • "Could not load DDA driver"
    • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
    • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
    • След като проверката приключи натиснете бутона Apply Actions.
    • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
    • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
    • Отидете то табът History > Application Logs.
    • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
    • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.
    В следващия си коментар в тази тема, включете следните лог файлове:
    • Лог файл от FRST
    • Лог файл от Malwarebytes Anti-Malware

    fixlist.txt

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1
    Мисля, че всичко е изпълнено според указанията.
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 26.6.2015 г.
    Scan Time: 20:48:15 ч.
    Logfile: 
    Administrator: Yes
     
    Version: 2.01.6.1022
    Malware Database: v2015.06.26.06
    Rootkit Database: v2015.06.26.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: STANIL
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 301381
    Time Elapsed: 5 min, 59 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 6
    PUP.Optional.LuckyTab.A, HKU\S-1-5-21-2924463148-2046589775-2370302242-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, Quarantined, [301ef3cc7e0cb1853a90dd900cf7768a], 
    PUP.Optional.LuckyTab.A, HKU\S-1-5-21-2924463148-2046589775-2370302242-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, Quarantined, [301ef3cc7e0cb1853a90dd900cf7768a], 
    PUP.Optional.Delta.A, HKLM\SOFTWARE\delta-homesSoftware, Quarantined, [0c42a41bb5d56fc7d430b66b5da721df], 
    PUP.Optional.Picexa.A, HKLM\SOFTWARE\PicexaSvc, Quarantined, [3e10b20dafdbf4426da49bf6dc29e020], 
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, Quarantined, [82cc5669f8924ee887ca76c4cf35837d], 
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [fd51c5fa9bef8da9afb217053dc7c23e], 
     
    Registry Values: 1
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, kmp, Quarantined, [fd51c5fa9bef8da9afb217053dc7c23e]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 5
    PUP.Optional.OpenCandy, C:\Users\STANIL\AppData\Roaming\OpenCandy, Quarantined, [f5597e41a9e1fe388b1d843ed62df30d], 
    PUP.Optional.OpenCandy, C:\Users\STANIL\AppData\Roaming\OpenCandy\C7C7299392314C22A12850BCDE853E3C, Quarantined, [f5597e41a9e1fe388b1d843ed62df30d], 
    PUP.Optional.WebsSearches.A, C:\Users\STANIL\AppData\Roaming\webssearches, Quarantined, [2c22f2cd90fa80b62142f3d5a85b857b], 
    PUP.Optional.WebsSearches.A, C:\Users\STANIL\AppData\Roaming\webssearches\log, Quarantined, [2c22f2cd90fa80b62142f3d5a85b857b], 
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [61ed308fd0bae84e2383fdf7709332ce], 
     
    Files: 4
    Backdoor.Bot.ED, C:\Users\STANIL\AppData\Roaming\Identities\msdn.exe, Quarantined, [e668942bccbe55e161ff2939966b4db3], 
    PUP.Optional.OpenCandy, C:\Users\STANIL\AppData\Roaming\OpenCandy\C7C7299392314C22A12850BCDE853E3C\TuneUpUtilities2014WORLDW1D_en-US.exe, Quarantined, [f5597e41a9e1fe388b1d843ed62df30d], 
    PUP.Optional.WebsSearches.A, C:\Users\STANIL\AppData\Roaming\webssearches\UninstallManager.exe, Quarantined, [2c22f2cd90fa80b62142f3d5a85b857b], 
    PUP.Optional.WebsSearches.A, C:\Users\STANIL\AppData\Roaming\webssearches\log\UninstallManager_2015-01-24[15-06-07-802].log, Quarantined, [2c22f2cd90fa80b62142f3d5a85b857b], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)

    Fixlog.txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1

    JRT.txt :

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.1.9 (06.27.2015:2)
    OS: Windows 7 Ultimate x86
    Ran by STANIL on бкЎ 27.06.2015 Ј. at 21:40:39,70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Tasks
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Failed to delete: [Folder] C:\ProgramData\tuneup software
    Successfully deleted: [Folder] C:\ProgramData\apn
    Successfully deleted: [Folder] C:\Users\STANIL\AppData\Roaming\tuneup software
    Successfully deleted: [Folder] C:\Users\STANIL\local settings\application data\tuneup software
     
     
     
    ~~~ Chrome
     
     
    [C:\Users\STANIL\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     
    [C:\Users\STANIL\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     
    [C:\Users\STANIL\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     
    [C:\Users\STANIL\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on бкЎ 27.06.2015 Ј. at 21:41:57,78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    AdwCleaner[s0].txt):
    # AdwCleaner v4.207 - Logfile created 27/06/2015 at 21:44:48
    # Updated 21/06/2015 by Xplode
    # Database : 2015-06-23.1 [server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : STANIL - STANIL-PC
    # Running from : C:\Users\STANIL\Desktop\adwcleaner_4.207.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
    Shortcut Disinfected : C:\Users\Public\Desktop\Assassin's Creed IV - Black Flag.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV - Black Flag\Assassin's Creed IV - Black Flag.lnk
    Shortcut Disinfected : C:\Users\STANIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\STANIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Users\STANIL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\hdcode
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta-homes.com
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17728
     
     
    -\\ Google Chrome v43.0.2357.130
     
    [C:\Users\STANIL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     
    *************************
     
    AdwCleaner[R0].txt - [1821 bytes] - [27/06/2015 21:44:02]
    AdwCleaner[s0].txt - [1771 bytes] - [27/06/2015 21:44:48]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1830  bytes] ##########
     
    ComboFix  (log):
    ComboFix 15-06-27.01 - STANIL 06.2015 г.  21:50:49.1.4 - x86
    Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3574.2514 [GMT 3:00]
    Running from: c:\users\STANIL\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Local Settings\Temp
    c:\programdata\Local Settings\Temp\msqzzamb.com
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-05-27 to 2015-06-27  )))))))))))))))))))))))))))))))
    .
    .
    2015-06-27 18:54 . 2015-06-27 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-06-27 18:43 . 2015-06-27 18:44 -------- d-----w- C:\AdwCleaner
    2015-06-27 18:40 . 2015-06-27 18:40 -------- d-----w- C:\RegBackup
    2015-06-26 17:47 . 2015-06-27 18:45 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-26 17:46 . 2015-06-27 11:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-06-26 17:46 . 2015-06-26 17:46 -------- d-----w- c:\programdata\Malwarebytes
    2015-06-26 17:46 . 2015-06-18 05:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-06-26 17:46 . 2015-06-18 05:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-26 17:46 . 2015-06-18 05:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-06-24 18:29 . 2015-06-26 17:43 -------- d-----w- C:\FRST
    2015-06-10 04:48 . 2015-06-10 04:53 -------- d-----w- c:\users\STANIL\AppData\Local\Microsoft Games
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-24 12:15 . 2014-11-01 21:49 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-06-24 12:15 . 2014-11-01 21:49 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-02 28785792]
    "GomTray"="c:\program files\GRETECH\GOMTray\GomTray.exe" [2013-07-04 2384472]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 1690224]
    "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-04 2462536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
    "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-10-04 2197680]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-10-27 280576]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-01-31 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-26 218688]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-04 915784]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-04 1795912]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-04 18044232]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-16 410768]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
    S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-04 19272]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-09-04 32928]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1143920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-06-24 18:24 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-01 12:15]
    .

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Maniac    1327

    Това не е целият лог файл от ComboFix. Моля, уверете се, че сте го копирали целият, преди да го публикувате тук.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1
    Моля, за извинение.
     
    ComboFix 15-06-27.01 - STANIL 06.2015 г.  21:50:49.1.4 - x86
    Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3574.2514 [GMT 3:00]
    Running from: c:\users\STANIL\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Local Settings\Temp
    c:\programdata\Local Settings\Temp\msqzzamb.com
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-05-27 to 2015-06-27  )))))))))))))))))))))))))))))))
    .
    .
    2015-06-27 18:54 . 2015-06-27 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-06-27 18:43 . 2015-06-27 18:44 -------- d-----w- C:\AdwCleaner
    2015-06-27 18:40 . 2015-06-27 18:40 -------- d-----w- C:\RegBackup
    2015-06-26 17:47 . 2015-06-27 18:45 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-26 17:46 . 2015-06-27 11:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-06-26 17:46 . 2015-06-26 17:46 -------- d-----w- c:\programdata\Malwarebytes
    2015-06-26 17:46 . 2015-06-18 05:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-06-26 17:46 . 2015-06-18 05:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-26 17:46 . 2015-06-18 05:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-06-24 18:29 . 2015-06-26 17:43 -------- d-----w- C:\FRST
    2015-06-10 04:48 . 2015-06-10 04:53 -------- d-----w- c:\users\STANIL\AppData\Local\Microsoft Games
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-24 12:15 . 2014-11-01 21:49 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-06-24 12:15 . 2014-11-01 21:49 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-02 28785792]
    "GomTray"="c:\program files\GRETECH\GOMTray\GomTray.exe" [2013-07-04 2384472]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 1690224]
    "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-04 2462536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
    "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-10-04 2197680]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-10-27 280576]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-01-31 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-26 218688]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-04 915784]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-04 1795912]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-04 18044232]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-16 410768]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
    S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-04 19272]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-09-04 32928]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1143920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-06-24 18:24 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-01 12:15]
    .
    2015-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-06-24 18:24]
    .
    2015-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-06-24 18:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:Tabs
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{B8BFED57-45CB-4B04-B37E-49C18C7006C8}: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-KMPConnect - c:\program files\KMPConnect\kair_view.exe
    HKLM-Run-PowerDVD13Agent - c:\program files\CyberLink\PowerDVD13\PowerDVD13Agent.exe
    AddRemove-AC3Filter_is1 - c:\program files\AC3Filter\unins000.exe
    AddRemove-InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
    AddRemove-SendToKindle - c:\program files\Amazon\SendToKindle\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-06-27  21:55:54
    ComboFix-quarantined-files.txt  2015-06-27 18:55
    .
    Pre-Run: 20 821 086 208 bytes free
    Post-Run: 20 720 631 808 bytes free
    .
    - - End Of File - - 36EE0D1B85D63034392E8B0171C57822
    A36C5E4F47E84449FF07ED3517B43A31

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Maniac    1327

    • Моля изтеглете и стартирайте изпълнимия файл от линка отдолу:

      ESET OnlineScan

    • Сложете отметката предesetAcceptTerms.png
    • Натиснете бутона esetStart.png.
    • Сложете отметката пред Enable detection of potentially unwanted applications.
    • Сега кликнете на Advanced Settings и се уверете, че опцията Remove found threats не е маркирана, а следните са маркирани:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
      • Изберете сега бутона Change и изберете само Operating memory и дял C:\
    fhSji42.png
    • Натиснете бутона Start.
    • ESET ще започне да сваля и инсталира актуализации за вирусните дефиниции и след това ще започне да сканира компютъра. Бъдете търпеливи, защото процеса е бавен и може да отнеме доста време.
    • След като проверката приключи натиснете бутонаesetListThreats.png
    • Сега натиснете бутона esetExport.png, и запазете файла на десктопа с име по избор като например (ESETScan.txt). Копирайте резултата в следващия си коментар.
    • Натиснете бутона esetBack.png и след това натиснете бутона esetFinish.png за да затворите приложението.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowerWatchCH.dll Win32/ELEX.BM potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowerWatchFF.dll Win32/ELEX.BM potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowserAction.dll a variant of Win32/ELEX.DH potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\CmdShell.exe a variant of Win32/ELEX.CY potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi Win32/Toolbar.TNT2.I potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\HPNotify.exe a variant of Win32/ELEX.DK potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\IeWatchDog.dll Win32/ELEX.BM potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\ProtectService.exe a variant of Win32/ELEX.EE potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\SupTab.dll a variant of Win32/Thinknice.B potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\everything.dll a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\helper.dll a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\Patch.dll a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\ServiceEverything.exe a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\SFKEX.exe a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\SFKEX64.exe a variant of Win64/ELEX.A potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Local\Temp\utt25C4.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
    C:\Users\STANIL\AppData\Local\Viber\Helper.dll Win32/Toolbar.SearchSuite.W potentially unwanted application
    C:\Users\STANIL\AppData\Local\Viber\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.W.gen potentially unwanted application
    C:\Users\STANIL\AppData\Roaming\uTorrent\updates\3.4.2_35141.exe a variant of Win32/OpenCandy.C potentially unsafe application
    C:\Users\STANIL\Desktop\ViberSetup.exe Win32/Toolbar.SearchSuite.W potentially unwanted application
    C:\Users\STANIL\Downloads\GOMPLAYERENSETUP.EXE a variant of Win32/OpenCandy.C potentially unsafe application

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Maniac    1327

    Чудесно!

    Моля, повторете сканирането, но този път изберете Remove found threats.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowerWatchCH.dll Win32/ELEX.BM potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowerWatchFF.dll Win32/ELEX.BM potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowserAction.dll a variant of Win32/ELEX.DH potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\CmdShell.exe a variant of Win32/ELEX.CY potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi Win32/Toolbar.TNT2.I potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\HPNotify.exe a variant of Win32/ELEX.DK potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\IeWatchDog.dll Win32/ELEX.BM potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\ProtectService.exe a variant of Win32/ELEX.EE potentially unwanted application
    C:\FRST\Quarantine\C\Program Files\MiuiTab\SupTab.dll a variant of Win32/Thinknice.B potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\everything.dll a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\helper.dll a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\Patch.dll a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\ServiceEverything.exe a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\SFKEX.exe a variant of Win32/ELEX.DJ potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\SFKEX64.exe a variant of Win64/ELEX.A potentially unwanted application
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Local\Temp\utt25C4.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
    C:\Users\STANIL\AppData\Local\Viber\Helper.dll Win32/Toolbar.SearchSuite.W potentially unwanted application
    C:\Users\STANIL\AppData\Local\Viber\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.W.gen potentially unwanted application
    C:\Users\STANIL\AppData\Roaming\uTorrent\updates\3.4.2_35141.exe a variant of Win32/OpenCandy.C potentially unsafe application

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Maniac    1327

    Сигурни ли сте, че маркирахте опцията за която ви писах?

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1

    Здравейте,

    Мисля ,че сега всичко е ОК.Обърнах специално внимание на отметките.

    Резултат по-долу, е след поставяне на отметки пред всички горе описани тагове.Включително и  Remove found threats.

    Сега мисля , че има разлика.

     

    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowerWatchCH.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined

    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowerWatchFF.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\BrowserAction.dll a variant of Win32/ELEX.DH potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\CmdShell.exe a variant of Win32/ELEX.CY potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\HPNotify.exe a variant of Win32/ELEX.DK potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\IeWatchDog.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\ProtectService.exe a variant of Win32/ELEX.EE potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Program Files\MiuiTab\SupTab.dll a variant of Win32/Thinknice.B potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\everything.dll a variant of Win32/ELEX.DJ potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\helper.dll a variant of Win32/ELEX.DJ potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\Patch.dll a variant of Win32/ELEX.DJ potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\ServiceEverything.exe a variant of Win32/ELEX.DJ potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\SFKEX.exe a variant of Win32/ELEX.DJ potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Everything\SFKEX64.exe a variant of Win64/ELEX.A potentially unwanted application cleaned by deleting - quarantined
    C:\FRST\Quarantine\C\Users\STANIL\AppData\Local\Temp\utt25C4.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting - quarantined
    C:\Users\STANIL\AppData\Local\Viber\Helper.dll Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting - quarantined
    C:\Users\STANIL\AppData\Local\Viber\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.W.gen potentially unwanted application cleaned by deleting - quarantined
    C:\Users\STANIL\AppData\Roaming\uTorrent\updates\3.4.2_35141.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined
    C:\Users\STANIL\Desktop\ViberSetup.exe Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting - quarantined
    C:\Users\STANIL\Downloads\GOMPLAYERENSETUP.EXE a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Maniac    1327

    Това е чудесно! :)

    Нека изчистим използваните инструменти и сме готови:

    Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools (трябва да има такава по-подразбиране, но все пак да си кажа) => натиснете бутона Run. Инструмента ще се самоизтрие след като приключи своята задача!

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    stanilm    1

    Ако това е краят, Благодаря, за пореден път на всички от екипа на kaldata !

     

    # DelFix v1.010 - Logfile created 08/07/2015 at 18:34:22
    # Updated 26/04/2015 by Xplode
    # Username : STANIL - STANIL-PC
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
     
    ~ Removing disinfection tools ...
     
    Deleted : C:\Qoobox
    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\RegBackup
    Deleted : C:\Users\STANIL\Desktop\FRST-OlderVersion
    Deleted : C:\ComboFix.txt
    Deleted : C:\Users\STANIL\Desktop\Addition (1).txt
    Deleted : C:\Users\STANIL\Desktop\Addition.txt
    Deleted : C:\Users\STANIL\Desktop\AdwCleaner[s0].txt
    Deleted : C:\Users\STANIL\Desktop\adwcleaner_4.207.exe
    Deleted : C:\Users\STANIL\Desktop\ComboFix.exe
    Deleted : C:\Users\STANIL\Desktop\esetsmartinstaller_enu.exe
    Deleted : C:\Users\STANIL\Desktop\Fixlog.txt
    Deleted : C:\Users\STANIL\Desktop\FRST.exe
    Deleted : C:\Users\STANIL\Desktop\FRST.txt
    Deleted : C:\Users\STANIL\Desktop\JRT.exe
    Deleted : C:\Users\STANIL\Desktop\JRT.txt
    Deleted : C:\Users\STANIL\Desktop\log ESET.txt
    Deleted : C:\Users\STANIL\Desktop\log.txt
    Deleted : C:\Users\STANIL\Desktop\report_2015-01-31_09-31-28.xlsx
    Deleted : C:\Users\STANIL\Desktop\report_2015-01-31_09-31-49.csv
    Deleted : C:\Windows\grep.exe
    Deleted : C:\Windows\PEV.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : C:\Windows\MBR.exe
    Deleted : C:\Windows\SED.exe
    Deleted : C:\Windows\SWREG.exe
    Deleted : C:\Windows\SWSC.exe
    Deleted : C:\Windows\SWXCACLS.exe
    Deleted : C:\Windows\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
     
    ########## - EOF - ##########

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    • Подобни теми

      • от v3cko
        Съмнения за вирус/и - курсорът на мишката на моменти прави странни движения без да съм местил мишката , няколко пъти като съм в хром и ми се отваря интернет експлорър без да съм кликал на него
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2017
        Ran by BECKO (administrator) on BECKO-PC (25-09-2017 12:22:36)
        Running from C:\Users\BECKO\Downloads
        Loaded Profiles: BECKO (Available Profiles: BECKO)
        Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
        (Lenovo.) C:\Windows\System32\LPlatSvc.exe
        (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
        (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
        (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
        (Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
        (Intel Corporation) C:\Windows\System32\igfxtray.exe
        (Intel Corporation) C:\Windows\System32\hkcmd.exe
        (Intel Corporation) C:\Windows\System32\igfxpers.exe
        (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Intel Corporation) C:\Windows\System32\igfxext.exe
        (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        () C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
        HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [93032 2009-11-24] (Lenovo Group Limited)
        HKU\S-1-5-21-773789430-497128755-430906800-1000\...\Run: [Win32Svc] => C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe [280064 2017-09-02] ()
        HKU\S-1-5-21-773789430-497128755-430906800-1000\...\MountPoints2: E - E:\Lenovo_Suite.exe
        HKU\S-1-5-21-773789430-497128755-430906800-1000\...\MountPoints2: {a8400ed0-8faa-11e7-863f-000000f01d00} - E:\Lenovo_Suite.exe
        Startup: C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemSet.exe.lnk [2017-09-22]
        ShortcutTarget: MemSet.exe.lnk -> C:\Windows\MemSave\MemSet.exe ()
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{DAAE74CA-6078-43E6-B668-40201FAFD495}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://www.dskdirect.bg/com/capicom.cab
        FireFox:
        ========
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        Chrome: 
        =======
        CHR HomePage: Default -> hxxp://google.bg/
        CHR StartupUrls: Default -> "hxxps://www.google.bg/"
        CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2017-09-25]
        CHR Extension: (Google Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-01]
        CHR Extension: (Google Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-01]
        CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01]
        CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01]
        CHR Extension: (Електронни таблици от Google) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-01]
        CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01]
        CHR Extension: (The Great Suspender) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-09-01]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
        CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01]
        CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-01]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [258104 2016-10-07] (Intel Corporation)
        R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [694352 2017-02-20] (Lenovo.)
        S3 VSStandardCollectorService150; C:\Program Files\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [100984 2017-08-17] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
        S3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [14104 2013-12-03] ()
        S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [44496 2016-09-02] (Intel Corporation )
        R3 pimoukbd; C:\Windows\System32\DRIVERS\pimoukbd.sys [32664 2017-09-24] (Christian Gulden)
        R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [23152 2009-11-24] (Lenovo Group Limited)
        R3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [50224 2016-02-03] (Shaul Eizikovich)
        R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [7168 2013-07-21] (Windows (R) Win 7 DDK provider) [File not signed]
        R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
        R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
        R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
        S3 VGPU; System32\drivers\rdvgkmd.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-25 12:22 - 2017-09-25 12:23 - 000010653 _____ C:\Users\BECKO\Downloads\FRST.txt
        2017-09-25 12:20 - 2017-09-25 12:22 - 000000000 ____D C:\FRST
        2017-09-25 12:19 - 2017-09-25 12:20 - 001796096 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
        2017-09-25 09:40 - 2017-09-25 09:41 - 055555872 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\MouseKeyboardCenter_32bit_ENG_3.0.337.exe
        2017-09-25 09:30 - 2017-09-25 09:52 - 000000000 ____D C:\Program Files\Common Files\Logitech
        2017-09-25 09:30 - 2017-09-25 09:30 - 000000000 ____D C:\Program Files\Logitech
        2017-09-25 09:28 - 2017-09-25 09:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Logitech
        2017-09-25 09:28 - 2017-09-25 09:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Logishrd
        2017-09-25 09:27 - 2017-09-25 09:28 - 015087456 _____ (Logitech Inc.) C:\Users\BECKO\Downloads\lgs510.exe
        2017-09-25 08:15 - 2017-09-25 08:15 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\NuGet
        2017-09-25 08:15 - 2017-09-25 08:15 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
        2017-09-24 19:11 - 2017-09-24 19:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_pimoukbd_01009.Wdf
        2017-09-24 19:09 - 2017-09-24 19:09 - 000000000 ____D C:\Users\BECKO\AppData\Local\IsolatedStorage
        2017-09-24 19:08 - 2017-09-24 19:37 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pluralinput
        2017-09-24 19:08 - 2017-09-24 19:37 - 000000000 ____D C:\Users\BECKO\AppData\Local\Pluralinput
        2017-09-24 19:08 - 2017-09-24 19:08 - 000032664 _____ (Christian Gulden) C:\Windows\system32\Drivers\pimoukbd.sys
        2017-09-24 19:07 - 2017-09-24 19:08 - 006547544 _____ (Pluralinput) C:\Users\BECKO\Downloads\PluralinputSetup.exe
        2017-09-24 18:53 - 2017-09-24 18:54 - 000000395 _____ C:\Users\BECKO\Downloads\316DAvitescfg.rar
        2017-09-24 13:16 - 2017-09-24 13:18 - 000051056 _____ C:\Users\BECKO\Downloads\NotepadMemoryWriter.zip
        2017-09-24 12:45 - 2017-09-24 12:45 - 000000000 ____D C:\Users\BECKO\source
        2017-09-24 12:44 - 2017-09-24 12:44 - 000000000 ____D C:\Users\BECKO\AppData\Local\.IdentityService
        2017-09-24 12:40 - 2017-09-24 12:56 - 000000000 ____D C:\Users\BECKO\Documents\Visual Studio 2017
        2017-09-24 12:39 - 2017-09-24 12:39 - 000000000 ____D C:\Program Files\Entity Framework Tools
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\3082
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\2052
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1055
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1049
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1046
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1045
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1042
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1041
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1040
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1036
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1033
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1031
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1029
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1028
        2017-09-24 12:34 - 2017-09-24 12:34 - 000000000 ____D C:\Program Files\NuGet
        2017-09-24 12:25 - 2017-09-24 12:25 - 000000000 ____D C:\Program Files\Microsoft SQL Server
        2017-09-24 12:21 - 2017-09-24 12:21 - 000000000 ____D C:\Program Files\Common Files\Designer
        2017-09-24 12:20 - 2017-09-24 12:36 - 000000000 ____D C:\Program Files\Microsoft SDKs
        2017-09-24 12:20 - 2017-09-24 12:24 - 000000000 ____D C:\Program Files\Windows Kits
        2017-09-24 12:20 - 2017-09-24 12:20 - 000004291 _____ C:\Users\BECKO\Downloads\ProcessMemoryReader.cs
        2017-09-24 12:18 - 2017-09-24 12:18 - 000001665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
        2017-09-24 12:18 - 2017-09-24 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
        2017-09-24 12:07 - 2017-09-24 12:07 - 000001421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
        2017-09-24 11:58 - 2017-09-24 11:58 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
        2017-09-24 11:55 - 2017-09-24 11:55 - 000000000 ____D C:\Users\BECKO\AppData\Local\ServiceHub
        2017-09-24 11:54 - 2017-09-24 12:59 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Visual Studio Setup
        2017-09-24 11:54 - 2017-09-24 12:35 - 000000000 ____D C:\Program Files\Microsoft Visual Studio
        2017-09-24 11:54 - 2017-09-24 11:56 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\vstelemetry
        2017-09-24 11:50 - 2017-09-24 11:51 - 001071352 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\vs_Community.exe
        2017-09-23 18:21 - 2017-09-23 18:21 - 000001588 _____ C:\Users\BECKO\Downloads\setups at.zip
        2017-09-23 17:40 - 2017-09-23 17:40 - 000001057 _____ C:\Users\BECKO\Desktop\LFSShifterV6.0 test - Пряк път.lnk
        2017-09-23 14:07 - 2017-09-23 14:10 - 000000000 ____D C:\LFS Shifter
        2017-09-23 14:01 - 2017-09-23 14:01 - 000867295 _____ C:\Users\BECKO\Downloads\LFS Shifter v6 test.zip
        2017-09-23 13:19 - 2017-09-23 13:19 - 000032166 _____ C:\Users\BECKO\Downloads\XRG_default.zip
        2017-09-23 13:00 - 2017-09-23 13:00 - 000009477 _____ C:\Users\BECKO\Downloads\Mufflord's Setup Pack.RAR
        2017-09-23 13:00 - 2016-10-09 14:24 - 000000132 _____ C:\Users\BECKO\Downloads\XRT_Muff Allround 5.set
        2017-09-23 13:00 - 2016-10-09 13:44 - 000000132 _____ C:\Users\BECKO\Downloads\XFR_Allround.set
        2017-09-23 13:00 - 2016-08-25 18:11 - 000000132 _____ C:\Users\BECKO\Downloads\XRT_Muff old update.set
        2017-09-23 12:34 - 2017-09-23 12:35 - 000000132 _____ C:\Users\BECKO\Downloads\XFG_205 Rallye.set
        2017-09-23 09:13 - 2017-09-23 09:19 - 001669949 _____ C:\Users\BECKO\Downloads\crsctrl.zip
        2017-09-23 09:02 - 2017-09-23 09:03 - 000000000 ____D C:\Users\BECKO\Downloads\setup
        2017-09-23 09:02 - 2017-09-23 09:02 - 000019711 _____ C:\Users\BECKO\Downloads\Real car setups.zip
        2017-09-23 08:25 - 2017-09-23 08:25 - 002996135 _____ C:\Users\BECKO\Downloads\WhelenEpsilonWhelenGamma2.rar
        2017-09-22 19:17 - 2017-09-24 19:09 - 000000000 ____D C:\Users\BECKO\AppData\Local\SquirrelTemp
        2017-09-22 19:17 - 2017-09-22 20:34 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\discord
        2017-09-22 19:17 - 2017-09-22 19:17 - 000002156 _____ C:\Users\BECKO\Desktop\Discord.lnk
        2017-09-22 19:17 - 2017-09-22 19:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
        2017-09-22 19:17 - 2017-09-22 19:17 - 000000000 ____D C:\Users\BECKO\AppData\Local\Discord
        2017-09-22 19:15 - 2017-09-22 19:16 - 054332920 _____ (Discord Inc.) C:\Users\BECKO\Downloads\DiscordSetup.exe
        2017-09-22 09:13 - 2017-09-22 09:13 - 000000000 ____D C:\Windows\MemSave
        2017-09-22 09:02 - 2017-09-22 09:13 - 000000000 ____D C:\Users\BECKO\Downloads\memset
        2017-09-22 09:01 - 2017-09-22 09:01 - 000409147 _____ C:\Users\BECKO\Downloads\MemSet41.zip
        2017-09-22 08:59 - 2017-09-22 08:59 - 000445630 _____ C:\Users\BECKO\Downloads\CPU-Tweaker.zip
        2017-09-22 08:47 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
        2017-09-22 08:47 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
        2017-09-22 08:47 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
        2017-09-22 08:46 - 2017-09-22 08:46 - 002353288 _____ C:\Users\BECKO\Downloads\d3dx43.exe
        2017-09-22 08:42 - 2017-09-22 08:42 - 004665640 _____ (techPowerUp (www.techpowerup.com)) C:\Users\BECKO\Downloads\GPU-Z.2.4.0.exe
        2017-09-21 19:00 - 2017-09-21 19:00 - 000000824 _____ C:\Users\BECKO\Desktop\Mary - Пряк път.lnk
        2017-09-21 17:50 - 2017-09-21 17:50 - 000095196 _____ C:\Users\BECKO\Downloads\Mary.zip
        2017-09-21 12:17 - 2012-03-09 19:10 - 000699192 _____ C:\Users\BECKO\Documents\testalloy4.dds
        2017-09-21 12:14 - 2017-09-21 12:18 - 001525785 _____ C:\Users\BECKO\Downloads\20150706193019.rar
        2017-09-21 12:09 - 2017-09-21 12:09 - 000008866 _____ C:\Users\BECKO\Downloads\rims.rar
        2017-09-21 12:07 - 2017-09-21 12:07 - 003503545 _____ C:\Users\BECKO\Downloads\Styling 7.zip
        2017-09-21 08:57 - 2017-09-21 09:00 - 072828153 _____ C:\Users\BECKO\Downloads\TC Stock Car Skins Thread Pack.rar
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\Users\BECKO\My Drivers
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Innovative Solutions
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\Users\BECKO\AppData\Local\Innovative Solutions
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\My Drivers
        2017-09-20 15:53 - 2017-09-20 15:53 - 003108432 _____ (Innovative Solutions) C:\Users\BECKO\Downloads\Intel-R-ICH7-M-Family-Serial-ATA-Storage-Controller---27C4-Intel-Intel-32-bits.exe
        2017-09-20 15:33 - 2017-09-20 15:55 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\DriverAgentPlus
        2017-09-20 14:59 - 2017-09-20 15:02 - 001724680 _____ ( ) C:\Users\BECKO\Downloads\cpu-z_1.80-en.exe
        2017-09-20 14:38 - 2017-09-20 14:39 - 000329753 _____ C:\Users\BECKO\Downloads\ClockGen.zip
        2017-09-20 11:30 - 2017-09-20 11:30 - 007320888 _____ C:\Users\BECKO\Downloads\200000239_93d3ef34bb13b42983099062e5adff03602d7e8b.cab
        2017-09-20 11:26 - 2017-09-20 11:47 - 000000000 ____D C:\Program Files\DriverToolkit
        2017-09-20 11:26 - 2017-09-20 11:26 - 000000000 ____D C:\Users\BECKO\AppData\Local\DriverToolkit
        2017-09-20 10:14 - 2017-09-20 10:14 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIOS FINDER.LNK
        2017-09-20 10:14 - 2000-05-22 00:00 - 000608448 _____ (Microsoft Corporation) C:\Windows\system32\COMCTL32.OCX
        2017-09-20 10:14 - 2000-05-22 00:00 - 000115920 _____ (Microsoft Corporation) C:\Windows\system32\MSINET.OCX
        2017-09-20 10:14 - 1999-08-03 20:33 - 000205824 _____ (xyz) C:\Windows\system32\CRESIZE5.OCX
        2017-09-20 10:14 - 1997-12-16 04:00 - 000143872 _____ (Info-ZIP) C:\Windows\system32\unzip32.dll
        2017-09-20 10:14 - 1997-06-23 19:06 - 000123664 _____ (Microsoft Corporation) C:\Windows\system32\MSJInt35.dll
        2017-09-20 10:14 - 1997-06-23 19:06 - 000024848 _____ (Microsoft Corporation) C:\Windows\system32\MSJtEr35.dll
        2017-09-20 10:14 - 1995-07-25 23:00 - 000089600 _____ (Microsoft Corporation) C:\Windows\system32\GRID32.OCX
        2017-09-20 10:11 - 1998-10-15 12:04 - 001355776 _____ (Microsoft Corporation) C:\Windows\system32\MSVBVM50.dll
        2017-09-20 10:11 - 1997-01-16 01:00 - 000071680 _____ (Microsoft Corporation) C:\Windows\ST5UNST.EXE
        2017-09-20 10:11 - 1997-01-16 01:00 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\VB5StKit.dll
        2017-09-20 10:03 - 2017-09-20 10:03 - 003646301 _____ C:\Users\BECKO\Downloads\biosfind.zip
        2017-09-19 14:56 - 2017-09-19 14:56 - 000243989 _____ C:\Users\BECKO\Downloads\bmw-rins.rar
        2017-09-19 10:45 - 2010-06-17 12:02 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
        2017-09-19 10:44 - 2017-09-19 10:44 - 002865688 _____ (Intel Corporation) C:\Users\BECKO\Downloads\INF_allOS_9.1.2.1008_PV.exe
        2017-09-19 10:31 - 2017-09-19 10:32 - 015647865 _____ C:\Users\BECKO\Downloads\UBU_v1_69_5.rar
        2017-09-19 10:20 - 2017-09-19 10:20 - 000000000 ____D C:\Program Files\VulkanRT
        2017-09-19 10:12 - 2017-09-19 10:15 - 257123639 _____ C:\Users\BECKO\Downloads\win64_154519.4678.zip
        2017-09-19 09:43 - 2017-09-19 09:46 - 255391032 _____ (Intel Corporation) C:\Users\BECKO\Downloads\win64_154519.4678.exe
        2017-09-19 09:39 - 2017-09-19 09:39 - 001127996 _____ C:\Users\BECKO\Downloads\Intel_Integrator_Toolkit_6.1.6.zip
        2017-09-19 09:34 - 2017-09-19 09:34 - 000099434 _____ C:\Users\BECKO\Downloads\KeplerBiosTweaker_1.27.zip
        2017-09-18 18:21 - 2017-09-18 18:22 - 000000000 ___HD C:\Windows\AxInstSV
        2017-09-18 18:14 - 2017-09-18 18:14 - 000183559 _____ C:\Users\BECKO\Downloads\capicom.cab
        2017-09-18 18:14 - 2017-09-18 18:14 - 000011073 _____ C:\Users\BECKO\Downloads\xenroll.cab
        2017-09-17 13:57 - 2017-09-17 13:57 - 001015296 _____ C:\Users\BECKO\Downloads\LAGG SWITCH_[unknowncheats.me]_.exe
        2017-09-17 13:45 - 2017-09-17 13:46 - 005251125 _____ C:\Users\BECKO\Downloads\pics.zip
        2017-09-17 11:35 - 2017-09-17 11:35 - 001546533 _____ C:\Users\BECKO\Downloads\XRT_skins.zip
        2017-09-17 10:28 - 2017-09-17 10:32 - 040811322 _____ C:\Users\BECKO\Downloads\Skins.zip
        2017-09-16 16:27 - 2017-09-16 16:27 - 000406668 _____ C:\Users\BECKO\Downloads\XRG_IDS_FAT_FLAME.pdn
        2017-09-15 17:54 - 2017-09-15 17:54 - 003889529 _____ C:\Users\BECKO\Downloads\ZenKiT By tadydrift.rar
        2017-09-15 17:53 - 2017-09-15 17:53 - 005464453 _____ C:\Users\BECKO\Downloads\Team Gripenemy pics.rar
        2017-09-15 17:53 - 2017-09-15 17:53 - 000275230 _____ C:\Users\BECKO\Downloads\Team GripEnemy.rar
        2017-09-15 17:52 - 2017-09-15 17:52 - 000246991 _____ C:\Users\BECKO\Downloads\RFactory EVOLUTION.zip
        2017-09-15 17:20 - 2017-09-15 17:20 - 004713929 _____ C:\Users\BECKO\Downloads\RFactory D1 2010 SkinPack.rar
        2017-09-15 17:10 - 2017-09-15 17:11 - 013464202 _____ C:\Users\BECKO\Downloads\RF XRT-FC kit By TaDy(update).rar
        2017-09-15 17:06 - 2017-09-15 17:06 - 000455977 _____ C:\Users\BECKO\Downloads\MEGA-texture-PACK.rar
        2017-09-15 17:04 - 2017-09-15 17:04 - 002635166 _____ C:\Users\BECKO\Downloads\XRT_Anilator_Kit_update.zip
        2017-09-15 17:03 - 2017-09-15 17:04 - 000574966 _____ C:\Users\BECKO\Downloads\ProStreet Pack 2.rar
        2017-09-12 20:42 - 2017-09-12 20:42 - 000470016 _____ C:\Users\BECKO\Downloads\Tutorial 5.5.exe
        2017-09-12 18:01 - 2017-09-12 18:01 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
        2017-09-12 18:01 - 2017-09-12 18:01 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
        2017-09-12 17:58 - 2017-09-12 17:58 - 039888608 _____ (Intel Corporation) C:\Users\BECKO\Downloads\Intel Extreme Tuning Utility (Intel XTU)-Version 6.3.0.56.exe
        2017-09-12 17:12 - 2017-09-12 17:15 - 000000000 ____D C:\ProgramData\Intel
        2017-09-12 17:10 - 2017-09-12 17:11 - 010461728 _____ (Intel) C:\Users\BECKO\Downloads\Intel Driver Update Utility Installer.exe
        2017-09-10 17:34 - 2017-09-10 17:34 - 000001314 _____ C:\Users\BECKO\Downloads\Trainer LUA.zip
        2017-09-10 17:32 - 2017-09-10 17:32 - 000000000 ____D C:\Users\BECKO\Downloads\LUA
        2017-09-10 17:31 - 2017-09-10 17:31 - 000001715 _____ C:\Users\BECKO\Downloads\Trainer LUA (UPDATED).zip
        2017-09-10 11:49 - 2017-09-10 11:50 - 001258570 _____ C:\Users\BECKO\Downloads\xfg_complete_interior.zip
        2017-09-10 08:42 - 2017-09-10 08:42 - 001065704 _____ C:\Users\BECKO\Downloads\XF_Interior1.rar
        2017-09-10 08:37 - 2017-09-10 08:37 - 004499750 _____ C:\Users\BECKO\Downloads\Retextured XRT interior.rar
        2017-09-10 07:57 - 2017-09-10 08:25 - 000935389 _____ C:\Users\BECKO\Downloads\Hub.rar
        2017-09-10 07:57 - 2017-09-10 07:57 - 001921131 _____ C:\Users\BECKO\Downloads\Grip.rar
        2017-09-10 07:38 - 2017-09-10 07:38 - 000864710 _____ C:\Users\BECKO\Downloads\LFS_S1_DECALS.rar
        2017-09-10 07:38 - 2017-09-10 07:38 - 000022769 _____ C:\Users\BECKO\Downloads\MSz_logos.rar
        2017-09-10 07:37 - 2017-09-10 07:37 - 000082377 _____ C:\Users\BECKO\Downloads\SUPER_CF.rar
        2017-09-10 07:36 - 2017-09-10 07:36 - 000414511 _____ C:\Users\BECKO\Downloads\scooppack1.zip
        2017-09-10 07:35 - 2017-09-10 07:35 - 001038380 _____ C:\Users\BECKO\Downloads\RF SKYLINES LIGHTS pack.rar
        2017-09-10 07:34 - 2017-09-10 07:34 - 000458826 _____ C:\Users\BECKO\Downloads\xfrhireslight.zip
        2017-09-09 19:59 - 2017-09-09 19:59 - 000033190 _____ C:\Users\BECKO\Downloads\Derby-decals-firebird-big.jpeg
        2017-09-09 14:43 - 2017-09-09 14:43 - 000276289 _____ C:\Users\BECKO\Downloads\TCLights2.zip
        2017-09-09 07:17 - 2017-09-09 07:17 - 000736920 _____ C:\Users\BECKO\Downloads\XRG_Cruise151.pdn
        2017-09-09 06:34 - 2017-09-09 06:34 - 000000000 ____D C:\Users\BECKO\.thumbnails
        2017-09-09 06:33 - 2017-09-09 06:34 - 000000000 ____D C:\Users\BECKO\Downloads\Blender
        2017-09-09 06:29 - 2017-09-09 06:30 - 016372630 _____ C:\Users\BECKO\Downloads\LFS_cars_ready_to_render_BLENDER.rar
        2017-09-09 06:28 - 2017-09-09 06:30 - 104647991 _____ C:\Users\BECKO\Downloads\blender-2.79-rc2-windows32.zip
        2017-09-07 21:15 - 2017-09-07 21:15 - 000902749 _____ C:\Users\BECKO\Downloads\ds-autos_lfs_maxpax-xfr.exe
        2017-09-07 21:15 - 2017-09-07 21:15 - 000000000 ____D C:\Users\BECKO\Downloads\scenes
        2017-09-07 21:15 - 2017-09-07 21:15 - 000000000 ____D C:\Users\BECKO\Downloads\images
        2017-09-07 19:09 - 2017-09-07 19:09 - 000544670 _____ C:\Users\BECKO\Downloads\XFG_interior.zip
        2017-09-07 19:09 - 2017-09-07 19:09 - 000116050 _____ C:\Users\BECKO\Downloads\XRG_interior.zip
        2017-09-07 19:06 - 2017-09-07 19:06 - 000515238 _____ C:\Users\BECKO\Downloads\XFG. XFR leather interior.rar
        2017-09-07 19:01 - 2017-09-07 19:01 - 000325761 _____ C:\Users\BECKO\Downloads\XR_LED_lights_by_Kancel.rar
        2017-09-07 18:11 - 2017-09-25 09:52 - 000000000 ____D C:\Windows\system32\appmgmt
        2017-09-07 05:05 - 2017-09-07 05:05 - 000933207 _____ C:\Users\BECKO\Downloads\Ford_Sierra_Cosworth_Texturepack.rar
        2017-09-06 20:45 - 2017-09-06 20:45 - 000013841 _____ C:\Users\BECKO\Downloads\shaders-20170906T174421Z-001.zip
        2017-09-06 20:43 - 2017-09-06 20:43 - 016777344 _____ C:\Users\BECKO\Downloads\s_window_ALP.dds
        2017-09-06 17:57 - 2017-09-06 17:58 - 001305367 _____ C:\Users\BECKO\Downloads\Autoruns.zip
        2017-09-05 18:48 - 2017-09-05 18:48 - 000000000 ____D C:\ProgramData\Force Dynamics
        2017-09-05 18:45 - 2017-09-19 10:45 - 000000000 ____D C:\Program Files\Intel
        2017-09-05 18:45 - 2016-10-08 02:29 - 000002291 ____N C:\Windows\system32\SetupBD.din
        2017-09-05 18:41 - 2016-10-08 02:29 - 000370752 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
        2017-09-05 18:24 - 2017-09-05 18:24 - 000014200 _____ C:\Windows\system32\results.xml
        2017-09-05 18:20 - 2017-09-05 18:20 - 000000000 ____D C:\Windows\system32\Lang
        2017-09-05 18:20 - 2009-10-19 15:57 - 001002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
        2017-09-05 18:19 - 2017-09-05 18:19 - 023812912 _____ (Intel Corporation) C:\Users\BECKO\Downloads\win7_1512754.exe
        2017-09-04 19:39 - 2017-09-04 19:46 - 550935208 _____ (Live for Speed) C:\Users\BECKO\Downloads\LFS_S3_6R_setup (1).exe
        2017-09-04 18:54 - 2012-02-11 08:37 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
        2017-09-04 18:49 - 2017-03-07 18:06 - 002746880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
        2017-09-04 18:49 - 2017-03-07 18:06 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
        2017-09-04 18:49 - 2017-03-07 18:06 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
        2017-09-04 18:49 - 2016-08-16 23:27 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
        2017-09-04 18:49 - 2016-08-16 23:27 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
        2017-09-04 03:21 - 2015-07-16 22:12 - 006131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
        2017-09-04 03:21 - 2015-07-16 22:12 - 000856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
        2017-09-04 03:21 - 2015-07-16 22:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
        2017-09-04 03:21 - 2015-07-16 18:14 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
        2017-09-04 03:21 - 2014-12-11 20:47 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
        2017-09-03 19:56 - 2017-09-03 19:57 - 000000000 ____D C:\Program Files\vJoy
        2017-09-03 19:56 - 2017-09-03 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vJoy
        2017-09-03 19:43 - 2016-02-03 12:23 - 000050224 _____ (Shaul Eizikovich) C:\Windows\system32\Drivers\vjoy.sys
        2017-09-03 19:42 - 2017-09-03 19:42 - 007126695 _____ C:\Users\BECKO\Downloads\Receiver2017 EditorVersion.rar
        2017-09-03 16:51 - 2017-09-04 20:02 - 000000534 _____ C:\Users\BECKO\Desktop\LFS.lnk
        2017-09-03 16:51 - 2017-09-03 16:51 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
        2017-09-03 16:41 - 2017-09-25 11:46 - 000000000 ____D C:\LFS
        2017-09-03 16:29 - 2017-01-29 07:43 - 550935208 _____ (Live for Speed) C:\Users\BECKO\Downloads\LFS_S3_6R_setup.exe
        2017-09-03 15:11 - 2017-09-03 15:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsigndfefe19eac837ef9
        2017-09-03 15:08 - 2017-09-03 15:08 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign453dc60071486f6d
        2017-09-03 15:03 - 2017-09-03 15:03 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign9f0a8a46786c1d6c
        2017-09-03 15:03 - 2017-09-03 15:03 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign6074fc35e5b4c48d
        2017-09-03 13:33 - 2017-09-03 13:33 - 000001410 _____ C:\Users\BECKO\Desktop\PaintDotNet - Пряк път.lnk
        2017-09-03 13:32 - 2017-09-03 14:17 - 000000000 ____D C:\Users\BECKO\AppData\Local\paint.net
        2017-09-03 13:24 - 2017-09-03 13:24 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign6b42f544879c7727
        2017-09-03 13:23 - 2017-09-03 13:23 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsignf781ccea0b6f3d93
        2017-09-03 13:23 - 2017-09-03 13:23 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign1e69207d3443abe6
        2017-09-03 12:49 - 2017-09-03 13:21 - 000001498 _____ C:\Users\BECKO\Desktop\Cheat Engine - Пряк път.lnk
        2017-09-03 11:29 - 2017-09-23 13:12 - 000000579 _____ C:\Users\BECKO\Documents\shiftercfg.ini
        2017-09-03 10:13 - 2017-09-03 10:13 - 000119081 _____ C:\Users\BECKO\Downloads\[LCS] Lights.zip
        2017-09-03 08:28 - 2017-09-03 08:28 - 046428288 _____ C:\Users\BECKO\Downloads\Spot Healing Brush.psd
        2017-09-03 08:23 - 2017-09-03 08:23 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign64eab49f8c2e8f70
        2017-09-03 08:07 - 2017-09-03 08:07 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign8451f807890aeee4
        2017-09-03 08:01 - 2017-09-03 08:01 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Adobe
        2017-09-03 07:57 - 2017-09-03 07:57 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign632ee564d36a89a5
        2017-09-03 07:56 - 2017-09-03 07:56 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign09a43f07e233face
        2017-09-03 07:55 - 2017-09-03 07:55 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign8b9b2ea2429d6807
        2017-09-03 07:55 - 2017-09-03 07:55 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign84c5d6b8cab802da
        2017-09-03 07:54 - 2017-09-03 07:54 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
        2017-09-03 07:52 - 2017-09-03 07:52 - 000000000 ____D C:\Users\BECKO\Documents\Adobe
        2017-09-03 07:37 - 2017-09-03 17:21 - 000000000 ___RD C:\Users\BECKO\Creative Cloud Files
        2017-09-03 07:28 - 2017-09-03 07:28 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
        2017-09-03 03:29 - 2017-09-03 03:30 - 000000000 ___SD C:\Windows\system32\CompatTel
        2017-09-03 03:29 - 2017-09-03 03:29 - 000000000 ____D C:\Windows\system32\appraiser
        2017-09-02 23:43 - 2012-08-23 17:46 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
        2017-09-02 23:43 - 2012-08-23 17:44 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
        2017-09-02 23:43 - 2012-08-23 14:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
        2017-09-02 23:23 - 2013-10-02 02:45 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
        2017-09-02 23:22 - 2013-10-02 03:42 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
        2017-09-02 23:22 - 2013-10-02 03:32 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
        2017-09-02 23:22 - 2013-10-02 03:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
        2017-09-02 23:22 - 2013-10-02 03:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
        2017-09-02 23:22 - 2013-10-02 03:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
        2017-09-02 23:22 - 2013-10-02 01:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
        2017-09-02 23:14 - 2017-09-02 23:18 - 000000000 ____D C:\Windows\system32\MRT
        2017-09-02 23:14 - 2017-09-02 23:14 - 137505280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2017-09-02 23:02 - 2017-09-02 23:02 - 000000000 ____D C:\Program Files\CONEXANT
        2017-09-02 22:50 - 2017-09-02 22:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_tp4track_01009.Wdf
        2017-09-02 22:50 - 2017-09-02 22:50 - 000000000 ____D C:\Program Files\Lenovo
        2017-09-02 22:42 - 2012-07-26 06:21 - 000196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
        2017-09-02 22:42 - 2012-07-26 06:20 - 000613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
        2017-09-02 22:42 - 2012-07-26 06:20 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
        2017-09-02 22:42 - 2012-07-26 06:20 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
        2017-09-02 22:42 - 2012-07-26 06:20 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
        2017-09-02 22:42 - 2012-07-26 05:33 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
        2017-09-02 22:42 - 2012-07-26 05:32 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
        2017-09-02 22:42 - 2012-06-02 17:57 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
        2017-09-02 22:30 - 2017-04-28 01:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
        2017-09-02 22:19 - 2015-12-16 21:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
        2017-09-02 22:19 - 2015-12-16 21:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
        2017-09-02 22:19 - 2015-12-16 21:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
        2017-09-02 22:18 - 2016-03-16 21:28 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
        2017-09-02 22:18 - 2016-03-16 21:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
        2017-09-02 22:18 - 2015-08-05 20:40 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
        2017-09-02 22:18 - 2015-08-05 19:58 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
        2017-09-02 22:18 - 2015-07-22 20:53 - 000635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
        2017-09-02 22:18 - 2015-05-25 21:01 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
        2017-09-02 22:18 - 2015-05-25 21:00 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
        2017-09-02 22:18 - 2015-01-09 05:48 - 000635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
        2017-09-02 22:18 - 2015-01-09 05:48 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
        2017-09-02 22:18 - 2015-01-09 05:48 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
        2017-09-02 22:18 - 2012-12-07 15:26 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
        2017-09-02 22:18 - 2012-12-07 15:20 - 002576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
        2017-09-02 22:18 - 2012-12-07 13:46 - 000055296 _____ (Microsoft) C:\Windows\system32\cero.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000030720 _____ (Microsoft) C:\Windows\system32\usk.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000021504 _____ (Microsoft) C:\Windows\system32\grb.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
        2017-09-02 22:17 - 2016-08-29 17:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
        2017-09-02 22:17 - 2012-10-03 19:42 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
        2017-09-02 22:17 - 2012-10-03 19:42 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
        2017-09-02 22:17 - 2012-10-03 19:40 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
        2017-09-02 22:17 - 2012-08-21 23:12 - 000245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
        2017-09-02 22:17 - 2011-03-11 08:39 - 000143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
        2017-09-02 22:17 - 2011-03-11 08:39 - 000117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
        2017-09-02 22:17 - 2011-03-11 08:38 - 000332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
        2017-09-02 22:17 - 2011-03-11 08:38 - 000080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
        2017-09-02 22:17 - 2011-03-11 08:38 - 000022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
        2017-09-02 22:17 - 2011-03-11 08:33 - 001699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
        2017-09-02 22:17 - 2011-03-11 08:31 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
        2017-09-02 22:16 - 2016-07-07 17:57 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
        2017-09-02 22:16 - 2016-03-09 21:40 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
        2017-09-02 22:16 - 2016-03-09 21:34 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
        2017-09-02 22:16 - 2016-02-05 21:44 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
        2017-09-02 22:16 - 2016-02-05 20:33 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
        2017-09-02 22:16 - 2015-10-29 20:50 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
        2017-09-02 22:16 - 2015-10-29 20:49 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
        2017-09-02 22:16 - 2015-10-29 20:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
        2017-09-02 22:16 - 2015-10-29 20:49 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
        2017-09-02 22:16 - 2015-08-27 20:58 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
        2017-09-02 22:16 - 2015-08-27 20:51 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
        2017-09-02 22:16 - 2015-07-09 20:42 - 001372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
        2017-09-02 22:16 - 2015-07-09 20:42 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
        2017-09-02 22:16 - 2015-06-03 23:22 - 000355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
        2017-09-02 22:16 - 2015-01-29 06:02 - 002311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
        2017-09-02 22:16 - 2014-08-01 14:35 - 000793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
        2017-09-02 22:16 - 2014-02-04 05:07 - 000234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
        2017-09-02 22:16 - 2014-02-04 05:07 - 000149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
        2017-09-02 22:16 - 2014-02-04 05:07 - 000027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
        2017-09-02 22:16 - 2014-02-04 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
        2017-09-02 22:16 - 2014-01-28 05:07 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
        2017-09-02 22:16 - 2013-10-30 05:19 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
        2017-09-02 22:16 - 2013-10-04 04:58 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
        2017-09-02 22:16 - 2013-10-04 04:56 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
        2017-09-02 22:16 - 2013-05-10 06:20 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
        2017-09-02 22:16 - 2013-03-19 06:33 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
        2017-09-02 22:16 - 2013-01-24 07:47 - 000196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
        2017-09-02 22:16 - 2012-07-04 22:45 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
        2017-09-02 22:16 - 2011-02-18 08:39 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
        2017-09-02 22:15 - 2017-07-21 17:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
        2017-09-02 22:15 - 2017-07-21 17:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
        2017-09-02 22:15 - 2017-07-15 20:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2017-09-02 22:15 - 2017-07-14 06:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2017-09-02 22:15 - 2017-07-14 06:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2017-09-02 22:15 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-09-02 22:15 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-09-02 22:15 - 2017-07-14 05:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2017-09-02 22:15 - 2017-07-14 05:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2017-09-02 22:15 - 2017-07-14 05:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2017-09-02 22:15 - 2017-07-14 05:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2017-09-02 22:15 - 2017-07-14 05:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-09-02 22:15 - 2017-07-14 05:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2017-09-02 22:15 - 2017-07-14 05:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2017-09-02 22:15 - 2017-07-14 05:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2017-09-02 22:15 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-09-02 22:15 - 2017-07-14 05:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2017-09-02 22:15 - 2017-07-14 05:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2017-09-02 22:15 - 2017-07-14 05:38 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2017-09-02 22:15 - 2017-07-14 05:33 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2017-09-02 22:15 - 2017-07-14 05:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2017-09-02 22:15 - 2017-07-14 05:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2017-09-02 22:15 - 2017-07-14 05:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2017-09-02 22:15 - 2017-07-14 05:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
        2017-09-02 22:15 - 2017-07-14 05:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2017-09-02 22:15 - 2017-07-14 05:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-09-02 22:15 - 2017-07-14 05:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-09-02 22:15 - 2017-07-14 05:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2017-09-02 22:15 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-09-02 22:15 - 2017-07-14 05:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-09-02 22:15 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-09-02 22:15 - 2017-07-14 05:12 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-09-02 22:15 - 2017-07-14 05:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-09-02 22:15 - 2017-07-14 05:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2017-09-02 22:15 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-09-02 22:15 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-09-02 22:15 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-09-02 22:15 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
        2017-09-02 22:15 - 2017-05-12 19:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
        2017-09-02 22:15 - 2017-05-12 19:25 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
        2017-09-02 22:15 - 2017-05-10 18:12 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
        2017-09-02 22:15 - 2017-05-10 18:12 - 002953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
        2017-09-02 22:15 - 2017-05-10 18:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
        2017-09-02 22:15 - 2017-05-10 18:10 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
        2017-09-02 22:15 - 2017-05-10 18:01 - 002092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
        2017-09-02 22:15 - 2017-05-10 18:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
        2017-09-02 22:15 - 2017-05-10 18:00 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
        2017-09-02 22:15 - 2017-05-10 18:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
        2017-09-02 22:15 - 2017-05-10 18:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
        2017-09-02 22:15 - 2017-01-18 18:35 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
        2017-09-02 22:15 - 2016-11-09 19:17 - 002365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
        2017-09-02 22:15 - 2016-09-15 17:51 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
        2017-09-02 22:15 - 2016-08-21 16:05 - 000935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
        2017-09-02 22:15 - 2016-08-12 19:47 - 011410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
        2017-09-02 22:15 - 2016-06-14 18:21 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2017-09-02 22:15 - 2016-06-14 18:21 - 000988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
        2017-09-02 22:15 - 2016-06-14 18:21 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
        2017-09-02 22:15 - 2016-01-21 03:51 - 000057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
        2017-09-02 22:15 - 2015-04-11 06:07 - 000054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
        2017-09-02 22:15 - 2014-10-30 04:45 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
        2017-09-02 22:15 - 2013-08-05 04:56 - 000133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
        2017-09-02 22:15 - 2012-01-04 11:58 - 000442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
        2017-09-02 22:15 - 2011-12-30 08:27 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
        2017-09-02 22:15 - 2011-06-16 07:33 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
        2017-09-02 22:14 - 2017-08-01 18:16 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
        2017-09-02 22:14 - 2017-07-29 17:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
        2017-09-02 22:14 - 2017-07-21 17:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
        2017-09-02 22:14 - 2017-07-21 17:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
        2017-09-02 22:14 - 2017-07-14 18:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
        2017-09-02 22:14 - 2017-07-14 18:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
        2017-09-02 22:14 - 2017-07-14 17:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
        2017-09-02 22:14 - 2017-07-14 17:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
        2017-09-02 22:14 - 2017-07-14 17:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
        2017-09-02 22:14 - 2017-07-14 17:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
        2017-09-02 22:14 - 2017-07-08 18:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
        2017-09-02 22:14 - 2017-07-08 17:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-09-02 22:14 - 2017-07-07 18:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
        2017-09-02 22:14 - 2017-07-07 18:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-09-02 22:14 - 2017-07-07 18:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
        2017-09-02 22:14 - 2017-07-07 18:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2017-09-02 22:14 - 2017-07-07 18:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2017-09-02 22:14 - 2017-07-07 18:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2017-09-02 22:14 - 2017-07-07 17:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-09-02 22:14 - 2017-07-07 17:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2017-09-02 22:14 - 2017-07-07 17:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-09-02 22:14 - 2017-07-07 17:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-09-02 22:14 - 2017-07-07 17:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2017-09-02 22:14 - 2017-07-07 17:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2017-09-02 22:14 - 2017-07-07 17:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2017-09-02 22:14 - 2017-07-07 17:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2017-09-02 22:14 - 2017-07-07 17:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2017-09-02 22:14 - 2017-07-07 17:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2017-09-02 22:14 - 2017-07-07 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2017-09-02 22:14 - 2017-07-07 17:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2017-09-02 22:14 - 2017-07-07 17:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
        2017-09-02 22:14 - 2017-06-15 23:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
        2017-09-02 22:14 - 2017-06-13 01:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
        2017-09-02 22:14 - 2017-06-13 01:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
        2017-09-02 22:14 - 2017-06-13 01:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
        2017-09-02 22:14 - 2017-06-13 01:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
        2017-09-02 22:14 - 2017-06-13 01:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
        2017-09-02 22:14 - 2017-06-13 01:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
        2017-09-02 22:14 - 2017-06-13 01:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
        2017-09-02 22:14 - 2017-06-10 18:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
        2017-09-02 22:14 - 2017-06-09 18:17 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-09-02 22:14 - 2017-06-06 18:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
        2017-09-02 22:14 - 2017-06-02 10:57 - 000497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
        2017-09-02 22:14 - 2017-05-30 07:39 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
        2017-09-02 22:14 - 2017-05-30 07:39 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
        2017-09-02 22:14 - 2017-05-30 07:39 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
        2017-09-02 22:14 - 2017-05-21 07:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
        2017-09-02 22:14 - 2017-05-16 18:16 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
        2017-09-02 22:14 - 2017-05-16 18:16 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
        2017-09-02 22:14 - 2017-05-16 18:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
        2017-09-02 22:14 - 2017-05-12 21:07 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
        2017-09-02 22:14 - 2017-05-12 20:43 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
        2017-09-02 22:14 - 2017-05-10 18:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
        2017-09-02 22:14 - 2017-05-10 18:00 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
        2017-09-02 22:14 - 2017-05-10 18:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
        2017-09-02 22:14 - 2017-05-10 18:00 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
        2017-09-02 22:14 - 2017-05-09 18:11 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
        2017-09-02 22:14 - 2017-05-09 18:01 - 000066048 _____ C:\Windows\system32\PrintBrmUi.exe
        2017-09-02 22:14 - 2017-05-07 18:14 - 000078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
        2017-09-02 22:14 - 2017-05-07 17:53 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
        2017-09-02 22:14 - 2017-04-21 18:15 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
        2017-09-02 22:14 - 2017-04-17 17:51 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2017-09-02 22:14 - 2017-04-17 17:48 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-12 18:26 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
        2017-09-02 22:14 - 2017-04-12 18:25 - 001176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
        2017-09-02 22:14 - 2017-04-12 18:25 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
        2017-09-02 22:14 - 2017-04-12 18:25 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
        2017-09-02 22:14 - 2017-04-05 18:00 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2017-09-02 22:14 - 2017-04-05 18:00 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2017-09-02 22:14 - 2017-04-05 18:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-09-02 22:14 - 2017-04-04 17:52 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
        2017-09-02 22:14 - 2017-03-30 17:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
        2017-09-02 22:14 - 2017-03-10 19:20 - 001508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
        2017-09-02 22:14 - 2017-03-10 19:20 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
        2017-09-02 22:14 - 2017-03-10 18:52 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
        2017-09-02 22:14 - 2017-03-10 18:51 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
        2017-09-02 22:14 - 2017-03-10 18:51 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
        2017-09-02 22:14 - 2017-03-07 19:17 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
        2017-09-02 22:14 - 2017-03-04 04:14 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
        2017-09-02 22:14 - 2017-03-04 04:14 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
        2017-09-02 22:14 - 2017-02-09 18:51 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
        2017-09-02 22:14 - 2017-01-13 20:45 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
        2017-09-02 22:14 - 2017-01-13 20:45 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
        2017-09-02 22:14 - 2017-01-11 20:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
        2017-09-02 22:14 - 2017-01-11 20:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
        2017-09-02 22:14 - 2016-11-20 19:19 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
        2017-09-02 22:14 - 2016-11-20 17:07 - 000373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
        2017-09-02 22:14 - 2016-11-10 19:19 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
        2017-09-02 22:14 - 2016-11-09 19:24 - 000105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
        2017-09-02 22:14 - 2016-11-09 19:17 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
        2017-09-02 22:14 - 2016-11-09 19:17 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
        2017-09-02 22:14 - 2016-11-09 19:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
        2017-09-02 22:14 - 2016-11-09 19:17 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
        2017-09-02 22:14 - 2016-11-09 18:55 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
        2017-09-02 22:14 - 2016-10-11 18:18 - 001027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
        2017-09-02 22:14 - 2016-10-11 18:18 - 000829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
        2017-09-02 22:14 - 2016-10-11 18:18 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
        2017-09-02 22:14 - 2016-10-11 18:18 - 000430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
        2017-09-02 22:14 - 2016-10-11 18:18 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
        2017-09-02 22:14 - 2016-10-11 17:51 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
        2017-09-02 22:14 - 2016-10-11 16:33 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
        2017-09-02 22:14 - 2016-10-11 16:18 - 000419648 _____ C:\Windows\system32\locale.nls
        2017-09-02 22:14 - 2016-10-08 16:05 - 000534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
        2017-09-02 22:14 - 2016-10-07 18:12 - 002291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
        2017-09-02 22:14 - 2016-10-07 18:12 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
        2017-09-02 22:14 - 2016-10-05 17:50 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
        2017-09-02 22:14 - 2016-09-12 23:49 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
        2017-09-02 22:14 - 2016-09-08 23:34 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
        2017-09-02 22:14 - 2016-09-08 23:34 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
        2017-09-02 22:14 - 2016-09-08 17:49 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
        2017-09-02 22:14 - 2016-09-08 17:49 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
        2017-09-02 22:14 - 2016-08-12 19:47 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
        2017-09-02 22:14 - 2016-08-12 19:31 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
        2017-09-02 22:14 - 2016-08-12 19:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
        2017-09-02 22:14 - 2016-08-12 19:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
        2017-09-02 22:14 - 2016-08-12 19:21 - 000437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 001178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
        2017-09-02 22:14 - 2016-08-06 17:53 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
        2017-09-02 22:14 - 2016-08-06 17:53 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
        2017-09-02 22:14 - 2016-08-06 17:53 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2017-09-02 22:14 - 2016-06-14 18:17 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
        2017-09-02 22:14 - 2016-06-14 18:05 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
        2017-09-02 22:14 - 2016-06-14 18:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2017-09-02 22:14 - 2016-06-14 18:05 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2017-09-02 22:14 - 2016-06-14 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
        2017-09-02 22:14 - 2016-06-14 17:55 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
        2017-09-02 22:14 - 2016-06-14 17:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
        2017-09-02 22:14 - 2016-05-12 16:04 - 000249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
        2017-09-02 22:14 - 2016-03-24 01:42 - 000409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
        2017-09-02 22:14 - 2016-03-24 01:39 - 000470704 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
        2017-09-02 22:13 - 2012-10-09 20:40 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
        2017-09-02 22:13 - 2012-10-09 20:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
        2017-09-02 22:01 - 2017-05-03 18:15 - 000081640 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
        2017-09-02 22:01 - 2017-05-03 18:10 - 000987648 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 001327616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000505856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000446464 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
        2017-09-02 22:01 - 2017-03-23 05:06 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
        2017-09-02 21:24 - 2013-12-04 05:03 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
        2017-09-02 21:24 - 2013-12-04 05:03 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
        2017-09-02 21:24 - 2013-12-04 05:03 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
        2017-09-02 21:24 - 2013-12-04 05:03 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
        2017-09-02 21:24 - 2013-12-04 05:02 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
        2017-09-02 21:24 - 2013-12-04 04:54 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
        2017-09-02 21:24 - 2013-12-04 04:54 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
        2017-09-02 21:24 - 2013-12-04 04:54 - 000510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
        2017-09-02 21:24 - 2013-12-04 04:54 - 000508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
        2017-09-02 18:47 - 2017-09-02 18:47 - 000386758 _____ C:\Users\BECKO\Downloads\XR_Interior1(yeni)(2).rar
        2017-09-02 18:41 - 2017-09-03 17:28 - 000000000 ____D C:\ProgramData\Adobe
        2017-09-02 18:40 - 2017-09-03 17:28 - 000000000 ____D C:\Program Files\Common Files\Adobe
        2017-09-02 18:37 - 2017-09-03 17:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
        2017-09-02 18:36 - 2017-09-02 18:36 - 000814168 _____ (Adobe Systems Incorporated) C:\Users\BECKO\Downloads\CreativeCloudSet-Up.exe
        2017-09-02 18:34 - 2017-09-03 15:54 - 048763957 _____ C:\Users\BECKO\Downloads\XRT_Publicpack.psd
        2017-09-02 17:36 - 2013-11-26 11:16 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
        2017-09-02 10:43 - 2017-09-02 10:43 - 000001689 _____ C:\Users\BECKO\Desktop\jpg2dds - Пряк път.lnk
        2017-09-02 10:41 - 2017-09-02 10:41 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Easy2Convert
        2017-09-02 10:34 - 2017-09-02 10:34 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\WinRAR
        2017-09-02 10:34 - 2017-09-02 10:34 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-02 10:34 - 2017-09-02 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-02 10:32 - 2017-09-02 10:32 - 000933207 _____ C:\Users\BECKO\Downloads\Ford Sierra Cosworth Texturepack.rar
        2017-09-02 10:29 - 2016-04-14 16:49 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
        2017-09-02 10:29 - 2016-04-09 07:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
        2017-09-02 10:10 - 2015-07-30 20:57 - 001987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
        2017-09-02 10:07 - 2015-12-09 00:54 - 002285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
        2017-09-02 10:06 - 2015-02-04 05:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
        2017-09-02 09:50 - 2017-09-02 09:50 - 000280064 _____ () C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe
        2017-09-02 08:06 - 2017-09-02 08:06 - 000000032 ___SH C:\Windows\system32\build.conf
        2017-09-02 08:06 - 2017-09-02 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\WindowsLoader
        2017-09-02 08:04 - 2017-09-02 08:04 - 002883863 _____ C:\Users\BECKO\Downloads\Windows_7_Loader.zip
        2017-09-02 07:06 - 2017-09-02 07:06 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\monect
        2017-09-02 07:05 - 2017-09-25 10:00 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-02 07:04 - 2017-09-02 07:04 - 032690791 _____ C:\Users\BECKO\Downloads\PCRemoteReceiverSetup_5_6_0_1.zip
        2017-09-02 04:16 - 2014-07-01 01:14 - 000008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
        2017-09-02 04:16 - 2014-03-10 00:47 - 000099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
        2017-09-02 04:15 - 2014-06-06 09:16 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
        2017-09-02 04:15 - 2014-03-10 00:47 - 000619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
        2017-09-02 04:14 - 2012-03-01 08:46 - 000019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
        2017-09-02 04:14 - 2012-03-01 08:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
        2017-09-02 03:22 - 2017-09-02 03:23 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
        2017-09-02 03:22 - 2017-09-02 03:22 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
        2017-09-02 03:19 - 2017-09-02 03:19 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
        2017-09-02 03:14 - 2017-09-02 03:14 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
        2017-09-02 03:10 - 2017-09-02 03:10 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
        2017-09-02 03:07 - 2015-07-30 16:13 - 000103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2017-09-01 23:07 - 2016-05-11 18:19 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
        2017-09-01 23:07 - 2016-02-09 12:50 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
        2017-09-01 23:07 - 2016-02-03 20:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
        2017-09-01 23:07 - 2013-07-03 06:36 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
        2017-09-01 23:07 - 2013-07-03 06:36 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
        2017-09-01 23:07 - 2013-02-12 06:32 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
        2017-09-01 23:06 - 2016-06-25 22:53 - 000297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
        2017-09-01 23:06 - 2016-06-25 22:53 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
        2017-09-01 23:06 - 2016-06-25 22:42 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
        2017-09-01 23:06 - 2016-06-25 22:41 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
        2017-09-01 23:06 - 2016-06-25 22:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
        2017-09-01 23:06 - 2016-02-04 21:41 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
        2017-09-01 23:06 - 2015-11-11 21:39 - 001242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
        2017-09-01 23:06 - 2015-11-11 21:39 - 000487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
        2017-09-01 23:06 - 2015-08-05 20:41 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
        2017-09-01 23:06 - 2015-07-09 20:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
        2017-09-01 23:06 - 2015-07-09 20:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
        2017-09-01 23:06 - 2014-11-11 05:44 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
        2017-09-01 23:06 - 2012-11-02 08:11 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
        2017-09-01 23:06 - 2011-03-03 08:38 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
        2017-09-01 23:06 - 2011-03-03 08:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
        2017-09-01 23:06 - 2011-03-03 08:36 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
        2017-09-01 23:05 - 2016-05-12 18:18 - 000606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
        2017-09-01 23:05 - 2016-05-12 18:18 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
        2017-09-01 23:05 - 2016-05-12 17:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
        2017-09-01 23:05 - 2016-05-12 17:57 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
        2017-09-01 23:05 - 2015-07-15 20:55 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
        2017-09-01 23:05 - 2013-10-19 04:36 - 000159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
        2017-09-01 23:05 - 2013-10-12 05:04 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
        2017-09-01 23:05 - 2013-10-12 05:03 - 000163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
        2017-09-01 23:05 - 2013-10-12 04:15 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
        2017-09-01 23:05 - 2013-10-12 04:15 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
        2017-09-01 23:05 - 2011-08-17 07:24 - 000465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
        2017-09-01 23:05 - 2011-08-17 07:19 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
        2017-09-01 23:03 - 2015-10-13 07:50 - 000712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
        2017-09-01 23:03 - 2014-09-04 08:04 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
        2017-09-01 23:02 - 2016-07-22 17:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
        2017-09-01 23:02 - 2016-01-22 09:04 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
        2017-09-01 23:02 - 2016-01-22 09:04 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
        2017-09-01 23:02 - 2015-11-03 21:55 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
        2017-09-01 23:02 - 2015-04-18 05:56 - 000342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-09-01 23:02 - 2015-03-04 07:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
        2017-09-01 23:02 - 2014-06-18 04:51 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
        2017-09-01 23:02 - 2013-05-13 06:08 - 000903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
        2017-09-01 23:02 - 2013-05-13 06:08 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
        2017-09-01 23:02 - 2012-07-05 00:16 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
        2017-09-01 23:02 - 2012-07-05 00:14 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
        2017-09-01 23:02 - 2012-07-05 00:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
        2017-09-01 23:01 - 2015-12-09 00:53 - 000509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
        2017-09-01 23:01 - 2015-04-13 06:19 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
        2017-09-01 23:01 - 2014-06-19 01:23 - 001131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
        2017-09-01 23:01 - 2014-06-19 01:23 - 000156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
        2017-09-01 23:01 - 2014-06-19 01:23 - 000081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
        2017-09-01 23:01 - 2011-08-27 07:26 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
        2017-09-01 23:01 - 2011-05-24 13:44 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
        2017-09-01 23:01 - 2011-02-12 08:35 - 000191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
        2017-09-01 23:01 - 2010-12-23 08:54 - 000850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
        2017-09-01 23:01 - 2010-12-23 08:50 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
        2017-09-01 23:00 - 2015-11-14 01:50 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
        2017-09-01 23:00 - 2015-11-14 01:50 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
        2017-09-01 23:00 - 2015-11-14 01:49 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
        2017-09-01 23:00 - 2015-11-05 22:02 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
        2017-09-01 23:00 - 2015-11-05 12:48 - 000117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
        2017-09-01 23:00 - 2015-07-15 05:55 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
        2017-09-01 23:00 - 2015-02-03 06:12 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
        2017-09-01 23:00 - 2014-12-19 05:43 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
        2017-09-01 23:00 - 2014-10-25 04:32 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
        2017-09-01 23:00 - 2014-07-17 04:40 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
        2017-09-01 23:00 - 2014-07-17 04:39 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
        2017-09-01 23:00 - 2014-07-17 04:39 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
        2017-09-01 23:00 - 2014-07-17 04:03 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
        2017-09-01 23:00 - 2013-10-12 05:03 - 000656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
        2017-09-01 23:00 - 2013-10-12 05:01 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
        2017-09-01 23:00 - 2013-10-12 05:01 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
        2017-09-01 23:00 - 2013-07-26 04:55 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
        2017-09-01 23:00 - 2013-07-12 13:07 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
        2017-09-01 23:00 - 2012-09-26 01:47 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
        2017-09-01 23:00 - 2012-04-26 07:45 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
        2017-09-01 23:00 - 2012-04-26 07:41 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
        2017-09-01 23:00 - 2012-03-17 10:27 - 000056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
        2017-09-01 23:00 - 2011-12-16 10:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
        2017-09-01 22:59 - 2016-05-11 18:19 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
        2017-09-01 22:59 - 2016-05-11 18:19 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
        2017-09-01 22:59 - 2016-05-11 18:19 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
        2017-09-01 22:59 - 2016-05-11 18:01 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
        2017-09-01 22:59 - 2016-05-11 17:52 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
        2017-09-01 22:59 - 2015-12-09 00:54 - 001620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 001568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 001325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
        2017-09-01 22:59 - 2015-12-09 00:54 - 000739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
        2017-09-01 22:59 - 2015-12-09 00:53 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
        2017-09-01 22:59 - 2015-12-09 00:43 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
        2017-09-01 22:59 - 2015-12-09 00:11 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
        2017-09-01 22:59 - 2015-12-09 00:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
        2017-09-01 22:59 - 2015-06-02 02:47 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
        2017-09-01 22:59 - 2015-04-24 20:56 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
        2017-09-01 22:59 - 2014-12-08 05:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
        2017-09-01 22:59 - 2014-12-06 06:50 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
        2017-09-01 22:59 - 2014-10-14 04:50 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
        2017-09-01 22:59 - 2013-06-26 01:56 - 000527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
        2017-09-01 22:59 - 2012-11-29 01:57 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
        2017-09-01 22:59 - 2012-11-29 01:57 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
        2017-09-01 22:59 - 2012-11-29 01:57 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
        2017-09-01 22:59 - 2012-10-03 19:42 - 000156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
        2017-09-01 22:59 - 2012-10-03 19:42 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
        2017-09-01 22:59 - 2011-03-11 08:33 - 001164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
        2017-09-01 22:59 - 2011-03-11 08:33 - 001137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
        2017-09-01 22:16 - 2012-02-17 08:34 - 000826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
        2017-09-01 22:16 - 2012-02-17 07:13 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
        2017-09-01 20:37 - 2017-09-01 20:37 - 000000000 ____D C:\Program Files\Analog Devices
        2017-09-01 20:36 - 2017-09-01 20:36 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
        2017-09-01 20:36 - 2009-05-18 13:32 - 000381440 _____ (Analog Devices, Inc.) C:\Windows\system32\Drivers\ADIHdAud.sys
        2017-09-01 20:36 - 2009-05-18 13:27 - 000032768 _____ (Analog Devices) C:\Windows\system32\adidrm.dll
        2017-09-01 20:36 - 2009-01-27 16:08 - 000139264 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPO.dll
        2017-09-01 20:36 - 2008-07-15 13:09 - 000090112 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
        2017-09-01 20:36 - 2008-02-28 16:17 - 000034304 _____ (Analog Devices, Inc.) C:\Windows\system32\SmaxCo.dll
        2017-09-01 20:36 - 2007-12-05 07:56 - 000364544 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIExt.dll
        2017-09-01 20:36 - 2007-01-10 14:40 - 000050176 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPR.dll
        2017-09-01 20:35 - 2017-09-01 20:35 - 004695672 _____ (Lenovo Group Limited ) C:\Users\BECKO\Downloads\7ka216ww.exe
        2017-09-01 20:29 - 2017-09-01 20:30 - 000000000 ____D C:\ProgramData\dllescort
        2017-09-01 20:18 - 2017-09-01 20:18 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
        2017-09-01 20:15 - 2017-09-01 20:15 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-01 20:15 - 2017-09-01 20:15 - 000002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2017-09-01 20:14 - 2017-09-03 07:24 - 000058016 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
        2017-09-01 20:14 - 2017-09-01 20:38 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
        2017-09-01 20:14 - 2017-09-01 20:15 - 000000000 ____D C:\Program Files\Google
        2017-09-01 20:14 - 2017-09-01 20:14 - 000000000 ____D C:\Users\BECKO\AppData\Local\Deployment
        2017-09-01 20:14 - 2017-09-01 20:14 - 000000000 ____D C:\Users\BECKO\AppData\Local\Apps\2.0
        2017-09-01 20:11 - 2017-09-03 17:27 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
        2017-09-01 20:11 - 2017-09-01 20:11 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
        2017-09-01 20:10 - 2017-09-01 20:10 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
        2017-09-01 20:10 - 2017-09-01 20:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
        2017-09-01 20:09 - 2017-09-01 20:10 - 000000000 ____D C:\Windows\system32\Macromed
        2017-09-01 19:51 - 2017-09-01 19:18 - 000000000 ____D C:\Windows\Panther
        2017-09-01 19:37 - 2017-09-01 19:37 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
        2017-09-01 19:19 - 2017-09-01 19:19 - 000001393 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
        2017-09-01 19:18 - 2017-09-24 12:45 - 000000000 ____D C:\Users\BECKO
        2017-09-01 19:18 - 2017-09-20 11:03 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
        2017-09-01 19:18 - 2017-09-01 19:18 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
        2017-09-01 19:18 - 2011-04-12 04:36 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
        2017-09-01 18:59 - 2017-09-01 18:59 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
        2017-09-01 18:58 - 2017-09-01 18:58 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
        2017-09-01 18:57 - 2017-09-01 18:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
        2017-08-30 17:29 - 2017-08-31 17:45 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z...ZZZ...Z.ZZ
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-25 09:55 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
        2017-09-25 03:28 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-09-25 03:28 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-09-24 18:44 - 2017-08-01 08:22 - 000000000 ____D C:\Program Files\Cheat Engine 6.7
        2017-09-24 12:21 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-09-24 12:17 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\MSBuild
        2017-09-22 13:27 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-22 09:46 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
        2017-09-18 18:22 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\Downloaded Program Files
        2017-09-05 19:48 - 2016-09-16 12:58 - 000000000 ____D C:\Intel
        2017-09-05 18:17 - 2010-11-21 00:01 - 000765700 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-04 23:26 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
        2017-09-04 03:39 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\AppCompat
        2017-09-03 17:33 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
        2017-09-03 03:34 - 2009-07-14 07:33 - 000267016 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-09-03 03:30 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\tracing
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\Dism
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
        2017-09-02 09:42 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
        2017-09-02 09:41 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
        2017-09-01 19:56 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
        2017-09-01 19:51 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
        2017-09-01 18:58 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
        2017-09-01 18:58 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
        2017-09-01 18:53 - 2011-04-12 04:37 - 000000000 ____D C:\Windows\CSC
        ==================== Files in the root of some directories =======
        2017-09-02 09:50 - 2017-09-02 09:50 - 000280064 _____ () C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe
        Some files in TEMP:
        ====================
        2017-09-20 15:53 - 2017-09-20 15:54 - 006087840 _____ (Innovative Solutions                                        ) C:\Users\BECKO\AppData\Local\Temp\tmp-drivermax9399034.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-20 03:59
        ==================== End of FRST.txt ============================
         
        Addition_25-09-2017 12.25.58.txt
      • от CaptainJord
        Здравейте, реших да си направя профилактика на компютъра ми, нямам съмнение, но просто ей така да пробвам. Бях си свалил програмата ,,RegRun Reanimator ', която я има в сайта, откри някакви злонамерени файлове и ги изчистих. За по-сигурно реших да проверя и по този ,,по-дълбок'' начин. Надявам се да съм постъпил правилно.
        FRST - log
        Addition - log
         
      • от RudeBoy
        Здравейте,
        Направих една голяма глупост - изтеглих и опитах да отворя кийген за една програма. Явно е бил фалшив, защото компютърът ми се напълни с какво ли не. Сканирах с Panda, премахна много неща, но има още. Като браузвам в нета, постоянно ми се отварят рекламни страници, при кликване на всеки линк. Отварят се дори и от само себе си, при затворен браузър. Имам системен диск, в краен случай съм готов да преинсталирам, но ако мога да се справя с ваша помощ, ще е чудесно  .
        Прикачвам логовете:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2017
        Ran by mcpph (administrator) on DESKTOP-P7903MO (17-09-2017 12:39:55)
        Running from C:\Users\mcpph\Desktop
        Loaded Profiles: mcpph (Available Profiles: mcpph)
        Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Opera)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
        (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
        (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
        () C:\ProgramData\WinSxA.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
        HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [144520 2017-07-19] (Panda Security, S.L.)
        HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
        HKU\S-1-5-21-3410296404-4140097037-1986194597-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-3410296404-4140097037-1986194597-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ENDLES~1.SCR [5133824 2015-12-01] (Extreme Internet Software)
        BootExecute: 
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
        Tcpip\..\Interfaces\{399be296-21bc-4c44-b88b-015636c079a7}: [DhcpNameServer] 192.168.100.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
        FireFox:
        ========
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        Opera: 
        =======
        OPR Extension: (Adguard AdBlocker) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-09-04]
        OPR Extension: (Quick Searcher) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-17]
        StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
        S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-03-18] (Intel Corporation)
        S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
        S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
        R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-07-19] (Panda Security, S.L.)
        R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
        R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2017-07-19] (Panda Security, S.L.)
        R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
        R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
        R2 WinSxA; C:\ProgramData\WinSxA.exe [423080 2017-09-17] ()
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] ()
        S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
        S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
        S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
        R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
        S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-17] (Malwarebytes)
        S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
        R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [106976 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211936 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [121312 2017-04-07] (Panda Security, S.L.)
        R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [125920 2017-04-07] (Panda Security, S.L.)
        R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [89960 2017-03-17] (Panda Security, S.L.)
        R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [118240 2017-04-07] (Panda Security, S.L.)
        R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [91104 2017-04-07] (Panda Security, S.L.)
        R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135648 2017-04-07] (Panda Security, S.L.)
        R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [336352 2017-04-07] (Panda Security, S.L.)
        R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [226272 2017-04-07] (Panda Security, S.L.)
        R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123360 2017-04-07] (Panda Security, S.L.)
        R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [280032 2017-04-07] (Panda Security, S.L.)
        R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [125408 2017-04-07] (Panda Security, S.L.)
        R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [179168 2017-07-19] (Panda Security, S.L.)
        R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [140256 2017-07-19] (Panda Security, S.L.)
        R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207328 2017-07-19] (Panda Security, S.L.)
        R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133600 2017-07-19] (Panda Security, S.L.)
        R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146912 2017-07-19] (Panda Security, S.L.)
        R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117216 2017-07-19] (Panda Security, S.L.)
        U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security, S.L.)
        R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
        S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:39 - 2017-09-17 12:40 - 000010125 _____ C:\Users\mcpph\Desktop\FRST.txt
        2017-09-17 12:39 - 2017-09-17 12:39 - 002398720 _____ (Farbar) C:\Users\mcpph\Desktop\FRST64.exe
        2017-09-17 12:39 - 2017-09-17 12:39 - 000000000 ____D C:\FRST
        2017-09-17 12:08 - 2017-09-17 12:13 - 000001024 _____ C:\Windows\system32\Drivers\etc\hosts.bak
        2017-09-17 12:04 - 2017-09-17 12:05 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Zara
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ C:\ProgramData\WinSxA.exe
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\spbggb0is40
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\0sziqug0wpx
        2017-09-17 12:03 - 2017-09-17 12:07 - 000001654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа Вrоwsеr.lnk
        2017-09-16 08:28 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Local\Samsung
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\mcpph\Documents\samsung
        2017-09-16 08:27 - 2017-09-16 08:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
        2017-09-15 21:10 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Samsung
        2017-09-15 21:10 - 2016-07-22 10:21 - 000164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
        2017-09-15 21:10 - 2016-07-22 10:21 - 000130688 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
        2017-09-15 21:09 - 2017-09-16 21:13 - 000000000 ____D C:\ProgramData\Samsung
        2017-09-15 21:09 - 2017-09-15 21:10 - 000000000 ____D C:\Program Files (x86)\Samsung
        2017-09-15 21:09 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
        2017-09-15 21:09 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
        2017-09-15 21:08 - 2017-09-15 21:08 - 000000000 ____D C:\Users\mcpph\AppData\Local\Downloaded Installations
        2017-09-12 15:13 - 2017-09-12 15:13 - 000000911 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExifPro 2.1.lnk
        2017-09-12 09:35 - 2017-09-17 12:07 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\MSBuild
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
        2017-09-05 23:33 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
        2017-09-05 23:33 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
        2017-09-05 23:27 - 2017-09-05 23:27 - 000000000 ____D C:\Users\mcpph\AppData\Local\ElevatedDiagnostics
        2017-09-05 23:24 - 2017-09-05 23:24 - 000000000 ____D C:\Windows\SysWOW64\directx
        2017-09-05 23:21 - 2017-09-05 23:21 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\WinRAR
        2017-09-04 22:44 - 2017-09-04 22:45 - 000000000 _____ C:\Recovery.txt
        2017-09-04 19:29 - 2017-09-04 08:51 - 000000000 ____D C:\Windows\Panther
        2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 _SHDL C:\Documents and Settings
        2017-09-04 18:29 - 2017-09-17 12:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-04 18:29 - 2017-09-17 09:31 - 000000000 ____D C:\Windows\system32\SleepStudy
        2017-09-04 18:29 - 2017-09-04 18:29 - 000000000 ____D C:\Windows\ServiceProfiles
        2017-09-04 18:29 - 2017-09-04 09:56 - 000267480 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-09-04 17:53 - 2017-09-04 17:54 - 000000000 ____D C:\Users\mcpph\AppData\Local\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\TEMP
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 16
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Program Files\Easy CD-DA Extractor 16
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Kolor
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\IObit
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\LocalLow\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Turbo.net
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\CrashDumps
        2017-09-04 14:36 - 2017-09-04 17:50 - 000000000 ____D C:\Program Files\Kolor
        2017-09-04 11:30 - 2017-09-04 11:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Local\DBG
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Program Files\Yamicsoft
        2017-09-04 10:15 - 2017-09-04 10:15 - 000000000 ____D C:\Users\mcpph\Documents\Adobe
        2017-09-04 10:13 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:08 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
        2017-09-04 10:08 - 2017-09-04 10:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
        2017-09-04 10:07 - 2017-09-04 10:13 - 000000000 ____D C:\ProgramData\Adobe
        2017-09-04 10:07 - 2017-09-04 10:07 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Macromedia
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Users\mcpph\AppData\Local\4kdownload.com
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Program Files (x86)\4KDownload
        2017-09-04 09:58 - 2017-09-04 09:58 - 000001531 ____H C:\Windows\EPMBatch.ept
        2017-09-04 09:55 - 2017-09-16 21:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ___HD C:\Program Files (x86)\Temp
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files\Realtek
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files (x86)\Realtek
        2017-09-04 09:55 - 2015-06-18 18:45 - 004496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
        2017-09-04 09:55 - 2015-06-18 17:59 - 002862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
        2017-09-04 09:55 - 2015-06-17 19:47 - 002930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
        2017-09-04 09:55 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
        2017-09-04 09:55 - 2015-06-15 17:39 - 001748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
        2017-09-04 09:55 - 2015-05-27 17:38 - 002825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
        2017-09-04 09:55 - 2015-05-26 11:59 - 000166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
        2017-09-04 09:55 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
        2017-09-04 09:55 - 2015-05-18 14:47 - 002702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
        2017-09-04 09:55 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
        2017-09-04 09:55 - 2015-05-15 16:32 - 001316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
        2017-09-04 09:55 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
        2017-09-04 09:55 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
        2017-09-04 09:55 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
        2017-09-04 09:55 - 2014-01-08 15:25 - 000397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
        2017-09-04 09:55 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
        2017-09-04 09:55 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
        2017-09-04 09:55 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
        2017-09-04 09:55 - 2011-12-16 14:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
        2017-09-04 09:55 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
        2017-09-04 09:55 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
        2017-09-04 09:55 - 2009-11-18 07:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
        2017-09-04 09:54 - 2017-09-13 19:40 - 000000000 ____D C:\Program Files\Recuva
        2017-09-04 09:54 - 2017-09-04 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
        2017-09-04 09:51 - 2017-09-17 12:32 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\vlc
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
        2017-09-04 09:50 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\Public\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit AgentInformation
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Program Files (x86)\Foxit Software
        2017-09-04 09:48 - 2017-09-04 09:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber
        2017-09-04 09:47 - 2017-09-16 12:23 - 000000000 ____D C:\Users\mcpph\Documents\ViberDownloads
        2017-09-04 09:45 - 2017-09-16 12:22 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\ViberPC
        2017-09-04 09:45 - 2017-09-04 09:45 - 000001033 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber Media S.à r.l
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Package Cache
        2017-09-04 09:41 - 2017-09-04 09:41 - 000000691 _____ C:\Users\mcpph\Desktop\VIDEO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000716 _____ C:\Users\mcpph\Desktop\DOWNLOAD.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000691 _____ C:\Users\mcpph\Desktop\AUDIO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000000 ____D C:\ProgramData\ShellIcons
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\Program Files\Speccy
        2017-09-04 09:38 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\EaseUS
        2017-09-04 09:38 - 2017-08-08 17:49 - 004027072 _____ C:\Windows\system32\BootMan.exe
        2017-09-04 09:38 - 2017-08-08 17:49 - 003037376 _____ C:\Windows\SysWOW64\BootMan.exe
        2017-09-04 09:38 - 2016-12-07 13:26 - 000033448 _____ C:\Windows\system32\epmntdrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010848 _____ C:\Windows\system32\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-08 15:28 - 000248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
        2017-09-04 09:38 - 2016-01-14 10:05 - 000021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
        2017-09-04 09:38 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
        2017-09-04 09:38 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Local\FastStone
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\ProgramData\FastStone
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\FastStone Capture
        2017-09-04 09:31 - 2017-09-12 22:12 - 000004650 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
        2017-09-04 09:31 - 2017-09-12 21:38 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2017-09-04 09:30 - 2017-09-12 22:12 - 000000000 ____D C:\Users\mcpph\AppData\Local\Adobe
        2017-09-04 09:27 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\FastStone
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
        2017-09-04 09:14 - 2017-09-09 17:38 - 000000000 ____D C:\Program Files\Opera
        2017-09-04 09:14 - 2017-09-09 07:08 - 000003958 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504505679
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Opera Software
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Local\Opera Software
        2017-09-04 09:12 - 2017-09-04 10:04 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2017-09-04 09:12 - 2017-09-04 09:12 - 000003604 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Intel(R) Update Manager
        2017-09-04 09:11 - 2017-09-06 10:25 - 000000000 ____D C:\Users\mcpph\AppData\Local\Share Link
        2017-09-04 09:11 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Intel
        2017-09-04 09:11 - 2017-09-04 09:11 - 000003394 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files (x86)\ASUS
        2017-09-04 09:09 - 2017-09-12 15:13 - 000000000 ____D C:\Program Files\ExifPro 2.1
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\MiK
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Local\MicrosoftEdge
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\ProgramData\MiK
        2017-09-04 09:06 - 2017-09-04 09:25 - 000000551 _____ C:\Users\mcpph\Desktop\PHOTOS.lnk
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\Program Files (x86)\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2015-12-01 16:11 - 005133824 _____ (Extreme Internet Software) C:\Windows\Endless-Slideshow.scr
        2017-09-04 09:06 - 2013-02-06 18:30 - 000337408 _____ (www.imageen.com) C:\Windows\dcrawlib.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 001274880 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\libeay32.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 000330752 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\ssleay32.dll
        2017-09-04 09:06 - 2007-06-23 08:29 - 000084992 _____ C:\Windows\jbiglib.dll
        2017-09-04 09:06 - 2005-08-30 07:00 - 003919872 _____ C:\Windows\imagemagick.dll
        2017-09-04 08:59 - 2017-09-04 14:36 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\Users\mcpph\Tracing
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Panda Security
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files (x86)\Panda Security
        2017-09-04 08:49 - 2017-07-19 05:31 - 000207328 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000179168 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000146912 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000140256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000133600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000117216 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
        2017-09-04 08:49 - 2017-05-22 08:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
        2017-09-04 08:48 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Panda Security
        2017-09-04 08:43 - 2017-09-04 08:43 - 000000716 _____ C:\Users\mcpph\Desktop\SOFTWARE.lnk
        2017-09-04 08:40 - 2017-09-09 18:51 - 000000000 ____D C:\Wallpaper
        2017-09-04 08:37 - 2017-09-04 08:37 - 000004608 _____ C:\Windows\SECOH-QAD.exe
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003584 _____ C:\Windows\SECOH-QAD.dll
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003476 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\Program Files\KMSpico
        2017-09-04 08:37 - 2010-12-06 05:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
        2017-09-04 08:36 - 2017-09-17 12:39 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Skype
        2017-09-04 08:36 - 2017-09-17 12:20 - 001259196 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-04 08:36 - 2017-09-04 08:51 - 000000000 ___RD C:\Users\mcpph\OneDrive
        2017-09-04 08:36 - 2017-09-04 08:36 - 000000000 ____D C:\Users\mcpph\AppData\Local\Comms
        2017-09-04 08:35 - 2017-09-04 09:12 - 000000000 ____D C:\Program Files (x86)\Intel
        2017-09-04 08:35 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\Intel
        2017-09-04 08:35 - 2017-09-04 08:36 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\Intel
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000000 __SHD C:\Users\mcpph\IntelGraphicsProfiles
        2017-09-04 08:35 - 2017-03-18 08:35 - 000095216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
        2017-09-04 08:35 - 2017-03-18 08:35 - 000091120 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
        2017-09-04 08:34 - 2017-09-04 17:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Adobe
        2017-09-04 08:34 - 2017-09-04 17:47 - 000000000 ____D C:\Users\mcpph\AppData\Local\Packages
        2017-09-04 08:34 - 2017-09-04 08:35 - 000000000 ____D C:\Users\mcpph\AppData\Local\ConnectedDevicesPlatform
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\VirtualStore
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\TileDataLayer
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\Publishers
        2017-09-04 08:33 - 2017-09-13 19:41 - 000000000 ____D C:\Users\mcpph
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000020 ___SH C:\Users\mcpph\ntuser.ini
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000000 ____D C:\ProgramData\USOShared
        2017-09-04 08:32 - 2017-07-12 07:39 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
        2017-09-04 08:32 - 2017-03-18 23:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
        2017-09-04 08:32 - 2017-03-18 07:59 - 004164608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:55 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:54 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\MLS2.dll
        2017-09-04 08:32 - 2017-03-18 07:43 - 004164608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:40 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:39 - 001868288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS2.dll
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:36 - 2017-03-18 14:40 - 000524288 _____ C:\Windows\system32\config\BBI
        2017-09-17 12:22 - 2017-03-19 00:01 - 000000000 ____D C:\Windows\INF
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\Macromed
        2017-09-05 23:33 - 2017-03-18 23:51 - 000000000 ____D C:\Windows\CbsTemp
        2017-09-05 08:03 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\appcompat
        2017-09-04 19:28 - 2017-03-19 00:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
        2017-09-04 18:30 - 2017-03-18 14:40 - 000000000 ____D C:\Windows\system32\Sysprep
        2017-09-04 18:29 - 2017-03-19 05:31 - 000000000 ____D C:\Windows\HoloShell
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\PrintDialog
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\MiracastView
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
        2017-09-04 18:29 - 2017-03-18 14:40 - 000032768 _____ C:\Windows\system32\config\ELAM
        2017-09-04 17:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\AppReadiness
        2017-09-04 11:34 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-04 10:07 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\GroupPolicy
        2017-09-04 08:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\Cursors
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\USOPrivate
        2017-09-04 08:32 - 2017-03-19 05:30 - 000000000 ____D C:\Windows\OCR
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\spool
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\FxsTmp
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\rescache
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        ==================== Files in the root of some directories =======
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ () C:\ProgramData\WinSxA.exe
        Files to move or delete:
        ====================
        C:\ProgramData\WinSxA.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-04 18:29
        ==================== End of FRST.txt ============================
        Addition.txt
        Panda_report.txt
      • от pesho66
        Привет Имам проблем с дяловете на хард дисковете , вероятно става въпрос за някои вирус .Темата е пренасочена от Инфо за проблема
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
        Ran by BigUser (administrator) on BIGUSER-PC (03-09-2017 11:52:48)
        Running from C:\Users\BigUser\Downloads
        Loaded Profiles: BigUser (Available Profiles: BigUser)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Transaction Software, D 81737 Munich) C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Viber] => C:\Users\BigUser\AppData\Local\Viber\Viber.exe [30896208 2017-08-22] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17420464 2012-07-13] (Skype Technologies S.A.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\MountPoints2: G - G:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{0C599813-3678-49A7-B4FE-517D8BC490A4}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=260&clid=2255931
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> DefaultScope d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
        BHO-x32: Instair -> {0D778FDC-FAD7-4B1D-AB88-7A76A562D65C} -> C:\Program Files\Instair\Instair.dll [2016-12-23] ()
        BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
        Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        FireFox:
        ========
        FF ProfilePath: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-09-03]
        FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF Extension: (AdBlocker Ultimate) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
        FF Extension: (Instair) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\contact@instair.net [2016-12-23] [not signed]
        FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-12-23]
        FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pavel.sherbakov@gmail.com [2017-09-02]
        FF Extension: (Save as PDF) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-12-23]
        FF Extension: (Google Translator for Firefox) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2017-02-12]
        FF Extension: (Google  Image Search) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-12-23]
        FF Extension: (DownThemAll!) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-23]
        FF SearchPlugin: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-143319.xml [2016-12-22]
        FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-06-17] (VideoLAN)
        FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin-x32: @mobilityflow.com/tvp,version=1.0.1 -> C:\Program Files (x86)\Mobilityflow\Torrent Video Player\npvlc.dll [2012-11-19] (VideoLAN)
        FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
        CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2481034&SearchSource=48","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6189A548-5277-11E2-A19C-005056C00008}","hxxp://www.delta-search.com/?affID=119292&babsrc=HP_ss&mntrId=6ada26500000000000002eeee680fd43","hxxp://www.yandex.ru/?win=125&clid=2041421","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405529599&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405530061&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://www.mystartsearch.com/?type=hp&ts=1418069766&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V"
        CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
        CHR DefaultSearchKeyword: Default -> yandex.ru
        CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
        CHR Session Restore: Default -> is enabled.
        CHR Profile: C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
        CHR Extension: (Google Презентации) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
        CHR Extension: (Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
        CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-12-22]
        CHR Extension: (YouTube) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
        CHR Extension: (Adblock Plus) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-22]
        CHR Extension: (Google Търсене) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-12-22]
        CHR Extension: (Електронни таблици от Google) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
        CHR Extension: (Google Документи офлайн) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
        CHR Extension: (AdBlock) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-07]
        CHR Extension: (Запазване в Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-12-22]
        CHR Extension: (Numerics Calculator & Converter) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2016-12-22]
        CHR Extension: (Google Карти) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
        CHR Extension: (Save to Pocket) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
        CHR Extension: (Gmail) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
        CHR Extension: (Chrome Media Router) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
        CHR HKLM-x32\...\Chrome\Extension: [geidjeefddhgefeplhdlegoldlgiodon] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
        S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
        R2 Transbase; C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [385024 2004-08-05] (Transaction Software, D 81737 Munich) [File not signed]
        S2 Transbase TECDOC CD 1_2015 Service; F:\TECDOC_CD\1_2015\db\tbmux32.exe [360448 2014-05-08] (Transaction Software, D 81829 Munich) [File not signed]
        R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
        S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 esgiguard; F:\My Programs\Антиспам-програми Firewalls\SpyHunter\esgiguard.sys [15920 2016-08-25] (Enigma Software Group USA, LLC.)
        S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
        S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-07-23] (Windows (R) Win 7 DDK provider)
        U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
        S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-04-19] (Western Digital Technologies)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2017-09-03 11:53 - 000015913 _____ C:\Users\BigUser\Downloads\FRST.txt
        2017-09-03 11:52 - 2017-09-03 11:52 - 000000000 ____D C:\FRST
        2017-09-03 11:50 - 2017-09-03 11:50 - 002395648 _____ (Farbar) C:\Users\BigUser\Downloads\FRST64.exe
        2017-09-03 11:45 - 2017-09-03 11:46 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
        2017-09-02 21:11 - 2017-09-02 21:11 - 000002515 _____ C:\Users\Public\Desktop\Skype.lnk
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-02 21:08 - 2017-09-02 21:08 - 000000000 ____D C:\Windows\system32\appmgmt
        2017-09-02 20:54 - 2017-09-02 21:07 - 000000000 ____D C:\Users\BigUser\Desktop\b
        2017-09-02 16:04 - 2017-09-02 16:05 - 000000000 ____D C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000002007 _____ C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 5.1 Pro.lnk
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-01 13:25 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber Media S.à r.l
        2017-09-01 13:24 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:48 - 2009-07-14 08:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-03 11:48 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
        2017-09-03 11:45 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\ViberPC
        2017-09-03 11:44 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Skype
        2017-09-03 11:44 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-03 10:59 - 2016-12-22 14:56 - 000000000 ____D C:\Program Files (x86)\Steam
        2017-09-03 10:24 - 2016-12-23 21:46 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Nitro PDF
        2017-09-03 10:06 - 2017-03-05 01:31 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\vlc
        2017-09-02 21:20 - 2016-12-22 14:40 - 000000000 ____D C:\Users\BigUser\Documents\ViberDownloads
        2017-09-02 21:11 - 2016-12-22 15:11 - 000000000 ____D C:\ProgramData\Skype
        2017-09-02 20:54 - 2016-12-22 14:25 - 000000000 ____D C:\Users\BigUser
        2017-09-02 11:19 - 2016-12-26 23:20 - 000000000 ____D C:\BMWScan140
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\uTorrent
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\LocalLow\uTorrent
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        ==================== Files in the root of some directories =======
        2016-12-22 15:25 - 2014-04-29 18:36 - 000000036 _____ () C:\Users\BigUser\AppData\Local\installLang.ini
        2016-12-25 21:14 - 2016-12-26 20:40 - 012390794 _____ () C:\ProgramData\OfflineCatalogue_1_2015_TECDOC_CD.log
        Some files in TEMP:
        ====================
        2010-11-18 23:27 - 2010-11-18 23:27 - 000587776 _____ (Igor Pavlov) C:\Users\BigUser\AppData\Local\Temp\7za.exe
        2016-12-26 18:35 - 2013-09-04 16:01 - 023454528 ____N (                                   ) C:\Users\BigUser\AppData\Local\Temp\AdbeRdr_en_US.exe
        2016-12-22 15:29 - 2016-12-22 15:29 - 000059904 _____ () C:\Users\BigUser\AppData\Local\Temp\bitool.dll
        2013-07-29 01:22 - 2013-07-29 01:22 - 000107520 _____ () C:\Users\BigUser\AppData\Local\Temp\KEYGEN-FFF.exe
        2016-12-22 15:27 - 2013-10-16 23:55 - 000036864 _____ (noOrg) C:\Users\BigUser\AppData\Local\Temp\lanbox.exe
        2015-07-31 07:06 - 2015-07-31 07:06 - 000242864 ____R (Microsoft Corporation) C:\Users\BigUser\AppData\Local\Temp\ose00000.exe
        2014-11-08 11:33 - 2015-01-08 00:48 - 000601088 _____ () C:\Users\BigUser\AppData\Local\Temp\Quarantine.exe
        2010-03-31 22:17 - 2010-03-31 22:17 - 000435544 _____ (AB-Tools.com                                                ) C:\Users\BigUser\AppData\Local\Temp\QuickStores_Unlocker.exe
        2012-11-02 12:08 - 2012-11-02 12:08 - 000118784 _____ () C:\Users\BigUser\AppData\Local\Temp\xmlUpdater.exe
        2016-12-22 15:33 - 2016-09-08 18:01 - 000237920 _____ () C:\Users\BigUser\AppData\Local\Temp\YandexWorking.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-04-04 01:52
        ==================== End of FRST.txt ============================
         
         
         
        Addition.txt
      • от Филипов
        Не е мой. Поради това мога да се забавя с реакцията. Нещо иска да поправя компютъра / упдейтва драйвери.
        Едното го премахмах от Add/Remove Programs и се замени от друг подобен боклук.
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
        Ran by User 1 (administrator) on HOME-5D870EAA9B (01-09-2017 21:38:43)
        Running from C:\Documents and Settings\User 1\Desktop
        Loaded Profiles: User 1 & UpdatusUser (Available Profiles: User 1 & UpdatusUser)
        Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
        (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
        (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
        () C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe
        (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
        (Jawego) C:\Program Files\PC Protector Plus\PCProtectorPlus.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [AudioDeck] => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [528384 2007-08-09] (VIA Technologies, Inc.)
        HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
        HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
        HKLM\...\Run: [PC Protector Plus_startup] => C:\Program Files\PC Protector Plus\PCProtectorPlus.exe [6239680 2016-09-26] (Jawego)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25479680 2017-03-20] (Skype Technologies S.A.)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [SMReminder] => C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe [2959312 2017-08-30] ()
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [securedriverupdaterDUReminder] => C:\Program Files\Secure Driver Updater\SDU.exe -rem
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {350a9c3e-b665-11e6-a11e-0008c7399231} - D:\LGAutoRun.exe
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {c9e26fc6-0281-11e3-9c1b-000b6a1cfcf7} - CMD /C START SysConfig.{645FF040-5081-101B-9F08-00AA002F954E}\sysconfig-x932851.dat
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{ED529269-1461-4DBF-ADAD-F0E66CE70B2A}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbg.bg/
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        URLSearchHook: [S-1-5-21-1757981266-1275210071-1644491937-1004] ATTENTION => Default URLSearchHook is missing
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
        FireFox:
        ========
        FF ProfilePath: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 [2017-09-01]
        FF Session Restore: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 -> is enabled.
        FF Extension: (Enhancer for YouTube™) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-06-19]
        FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-06-20]
        FF Extension: (Low Quality Flash) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\low_quality_flash@pie2k.com [2017-06-19]
        FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-01] ()
        FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-01] (Adobe Systems Incorporated) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
        S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-08-17] (Phoenix Technologies) [File not signed]
        S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
        R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
        R3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
        S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
        S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
        R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
        R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:38 - 2017-09-01 21:39 - 000008769 _____ C:\Documents and Settings\User 1\Desktop\FRST.txt
        2017-09-01 21:38 - 2017-09-01 21:38 - 000000000 ____D C:\FRST
        2017-09-01 21:32 - 2017-09-01 21:32 - 001792512 _____ (Farbar) C:\Documents and Settings\User 1\Desktop\FRST.exe
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000780 _____ C:\Documents and Settings\All Users\Desktop\PC Protector Plus.lnk
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000326 _____ C:\WINDOWS\Tasks\PC Protector Plus_runnag.job
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Program Files\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\PCPRJ
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Jawego
        2017-09-01 20:57 - 2016-09-26 17:26 - 000022464 _____ C:\WINDOWS\system32\pcplusnative32.exe
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:39 - 2013-08-11 14:47 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Temp
        2017-09-01 21:37 - 2013-08-11 16:29 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Skype
        2017-09-01 21:23 - 2013-08-11 15:11 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
        2017-09-01 21:15 - 2015-01-05 17:01 - 000000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2017-09-01 20:57 - 2017-06-20 16:22 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\System Monitor
        2017-09-01 20:53 - 2014-02-16 19:52 - 000003564 _____ C:\WINDOWS\wincmd.ini
        2017-09-01 20:52 - 2016-12-17 02:04 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d257f0bb9fdf30.job
        2017-09-01 20:52 - 2015-01-05 17:01 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        2017-09-01 20:52 - 2014-06-19 14:26 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
        2017-09-01 20:52 - 2013-08-11 14:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-01 20:52 - 2008-04-14 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
        2017-09-01 20:51 - 2013-08-11 14:47 - 000000178 ___SH C:\Documents and Settings\User 1\ntuser.ini
        2017-09-01 20:51 - 2013-08-11 14:43 - 000032540 _____ C:\WINDOWS\SchedLgU.Txt
        2017-09-01 16:23 - 2017-08-01 10:23 - 005763072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
        2017-09-01 16:23 - 2013-08-11 14:34 - 000000000 ____D C:\WINDOWS\system32\Macromed
        2017-08-08 15:00 - 2014-06-19 14:26 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
        ==================== Files in the root of some directories =======
        2014-12-11 13:44 - 2014-12-11 13:44 - 000031611 ____C () C:\Program Files\third-party_attributions.txt
        2015-09-20 04:55 - 2017-05-03 22:21 - 000009728 _____ () C:\Documents and Settings\User 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== End of FRST.txt ============================
        Addition.txt
    • Разглеждащи в момента   0 потребители

      Няма регистрирани потребители разглеждащи тази страница.

    • Дарение

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.