

    I am creating this topic in connection with this advice -

    "Hello,
    until yesterday I had no problems, but today when I started Google Chrome and tried to log in to my account on a site I visit, I noticed that I had no access to it; afterwards I found out that the account had been stolen by another person. In general I am careful, and this is the first time this problem has happened to me.
    After that, I noticed that Google Chrome itself seems somehow changed to me, and in the place for links I have an exclamation mark; this is what I mean -
    [screenshots: gp1XYf3.jpg, BIn5YPe.jpg]

    Typing links, the suggestions for them under the field and so on also seem quite different to me.
    Fortunately, as I said, I am careful and they managed to steal only this one account; otherwise I saw that they had tried to "hack" other accounts of mine as well, but did not succeed.


    If I have posted the topic in the wrong section, I apologize and ask that it be moved to the correct one.

    Thank you in advance for the help."

    and

    "No, that is not the issue. I don't mean the warning itself, but that before they found out the password for the account that was stolen from me, it was not there, and, for example, the link suggestions under the link entry field were displayed in a different way. Otherwise, I don't think they have access to my Google account and other important accounts, or know the passwords, since on every account on every site I use a different password, and my passwords are COMPLEX.

    Overall, I posted this topic to find out whether I have some residual problem, because things look different to me.
    I reinstalled Chrome, cleared the history and reset the settings to Default; it still stays the same, no change."

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
    Ran by Maria (administrator) on MARIA-PC (18-09-2016 11:08:00)
    Running from C:\Users\Maria\Downloads
    Loaded Profiles: Maria (Available Profiles: Maria)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Viber Media S.à r.l.) C:\Users\Maria\AppData\Local\Viber\Viber.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
    (Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
    (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    () C:\Program Files (x86)\watchmi\TvdTray.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\osk.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-12-12] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-12-12] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-05] (Wistron)
    HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-05] (Wistron Corp.)
    HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-12] (Wistron Corp.)
    HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-04-14] (CyberLink)
    HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-04-14] (CyberLink Corp.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\Run: [Viber] => C:\Users\Maria\AppData\Local\Viber\Viber.exe [72586832 2016-08-10] (Viber Media S.à r.l.)
    HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {36cbb134-6038-11e3-ab62-00262dcb26f7} - F:\SETUP.EXE
    HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {4339173f-600a-11e3-af29-00262dcb26f7} - F:\Start.exe
    HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {6968120d-d786-11dd-a6b3-00262dcb26f7} - I:\LGAutoRun.exe
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2013-12-08]
    ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe (Acresso Software Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4BCFF095-6E1B-4083-8FB3-35C41610CAF9}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\dbbhtf5g.default
    FF Homepage: hxxp://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-18] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2015-04-27]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-04-27]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-04-27]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-04-27]
    FF Extension: (Video DownloadHelper) - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\dbbhtf5g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-12]
    FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

    Chrome: 
    =======
    CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
    CHR Extension: (Google Презентации) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
    CHR Extension: (Google Документи) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
    CHR Extension: (Google Диск) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
    CHR Extension: (YouTube) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
    CHR Extension: (Електронни таблици от Google) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-17]
    CHR Extension: (Google Документи офлайн) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
    CHR Extension: (Gmail) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
    CHR Extension: (Chrome Media Router) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
    CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-18]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-18]
    CHR Extension: (Chrome Media Router) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]
    CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-18] <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
    R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2000-01-01] (Intel Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
    S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
    S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-12-12] () [File not signed]
    S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-05] (Wistron Corp.)
    R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [158464 2013-12-08] (ITE                      )
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-17] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2000-01-01] (Realtek Semiconductor Corp.)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-19] ()
    S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2009-07-20] (Swisscom)
    S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [384808 2009-07-20] (Swisscom)
    R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
    S1 ArcSec; system32\drivers\ArcSec.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

    ========================== Drivers MD5 =======================

    C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
    C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
    C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
    C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\RTSUVSTOR.sys CE0A1D8A59410E698140821E4E69DA0D
    C:\Windows\System32\DRIVERS\rtcrfilt64.sys E6458C9289160F440AC40D62926B39A6
    C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
    C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
    C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F
    C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495
    C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225
    C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\SWDUMon.sys 9CFEFD62D86DABFAC12D1C5ED72BA6A4
    C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\SynTP.sys B3AD15FA10EBEAFC1275F34050E4E230
    C:\Windows\System32\DRIVERS\tap0901.sys D765F43CBEA72D14C04AF3D2B9C8E54B
    C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
    C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
    C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
    C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
    C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
    C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tihub3.sys DA632FAE7B5629032B2C24E1BE29168B
    C:\Windows\System32\DRIVERS\tixhci.sys 6AAD465F69632931B6D8D61B287E6DE9
    C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
    C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
    C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
    C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
    C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
    C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
    C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
    C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
    C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
    C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
    C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
    C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
    C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
    C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wsvd.sys 82E8F5AA03DF7DBDB8A33F700D5D8CDA
    C:\Windows\System32\DRIVERS\wtsmpadap.sys F7ADA10CF0F02435B1C9E5C6FD0EC3A4
    C:\Windows\System32\DRIVERS\wtsmpflt.sys 4B604168F293A6AD8CE56B528E4DAD14
    C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
    C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
    C:\Windows\System32\Drivers\x10hid.sys BAA813A76F5DB6CC3C2CEAB7D82B6972

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-14 22:17 - 2016-05-14 01:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-09-14 22:17 - 2016-05-14 01:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-09-14 22:17 - 2016-05-14 01:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2016-09-14 22:17 - 2016-05-14 00:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-09-14 22:17 - 2016-05-14 00:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-09-14 22:17 - 2016-05-14 00:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-09-14 22:17 - 2016-05-14 00:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-09-14 22:17 - 2016-05-14 00:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-09-14 22:17 - 2016-05-14 00:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-09-14 22:17 - 2016-05-14 00:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2016-09-14 22:17 - 2016-05-14 00:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-09-14 22:17 - 2016-05-14 00:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-09-14 22:17 - 2016-05-14 00:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-09-14 22:17 - 2016-05-14 00:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-09-14 22:17 - 2016-05-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-09-14 22:17 - 2016-05-12 20:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-09-14 22:17 - 2016-05-12 18:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2016-09-14 22:17 - 2016-05-12 18:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-09-14 22:17 - 2016-05-04 20:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-09-14 22:17 - 2016-05-04 20:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-09-14 22:17 - 2016-05-04 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-09-14 22:17 - 2016-05-04 20:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-09-14 22:17 - 2016-05-04 20:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-09-14 22:17 - 2016-05-04 20:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-09-14 22:17 - 2016-05-04 20:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-09-14 22:17 - 2016-05-04 18:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-09-14 22:17 - 2016-05-04 17:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-09-14 22:16 - 2016-09-02 18:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-09-14 22:16 - 2016-09-02 18:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-09-14 22:16 - 2016-09-02 18:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-09-14 22:16 - 2016-09-02 18:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-09-14 22:16 - 2016-09-02 18:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-09-14 22:16 - 2016-09-02 18:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-09-14 22:16 - 2016-09-02 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-09-14 22:16 - 2016-09-02 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-09-14 22:16 - 2016-09-02 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-09-14 22:16 - 2016-09-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-09-14 22:16 - 2016-09-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-09-14 22:16 - 2016-09-02 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-09-14 22:16 - 2016-08-06 18:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-09-14 22:16 - 2016-08-06 18:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-09-14 22:16 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2016-09-14 22:16 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2016-09-14 22:16 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2016-09-14 22:16 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2016-09-14 22:16 - 2016-07-01 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-09-14 22:16 - 2016-07-01 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2016-09-14 22:16 - 2016-07-01 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-09-14 22:16 - 2016-07-01 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-09-14 22:16 - 2016-05-04 20:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-09-14 22:16 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-09-14 22:16 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-09-14 22:00 - 2016-09-14 22:00 - 00010936 _____ C:\Users\Maria\Downloads\Dead.Rising.Watchtowe.2015.576p.BRRip.x264.DUAL-SiSO.torrent
    2016-09-14 08:45 - 2016-09-14 08:45 - 00019535 _____ C:\Users\Maria\Downloads\[CFNMSecret] Dylan Daniels, Gabriella Ford, Liza Rowe, Jojo Kiss [Game of Cocks].torrent
    2016-09-13 21:10 - 2016-09-13 21:10 - 00655568 _____ C:\Users\Maria\Downloads\Warcraft.2016.1080p.BluRay.x264-SPARKS.torrent
    2016-09-12 09:41 - 2016-09-12 09:41 - 00015782 _____ C:\Users\Maria\Downloads\Marc Dorcel -  Novice Lawyer.torrent
    2016-09-12 09:40 - 2016-09-12 09:40 - 00011719 _____ C:\Users\Maria\Downloads\RealityJunkies - Trisha Parks - DP Touchdown.torrent
    2016-09-11 17:37 - 2016-09-12 16:49 - 00002499 _____ C:\Users\Maria\Desktop\vip extri d2.txt
    2016-09-11 13:22 - 2016-09-11 13:22 - 00016663 _____ C:\Users\Maria\Downloads\BrazzersExxtra - Elsa Jean, Riley Reid (Licking Locked Up).torrent
    2016-09-11 13:22 - 2016-09-11 13:22 - 00011603 _____ C:\Users\Maria\Downloads\BangBrosClips - Jillian Janson.torrent
    2016-09-10 21:42 - 2016-09-10 21:42 - 00011840 _____ C:\Users\Maria\Downloads\The.Haunting.In.Connecticut.2009.EXTENDED.720p.BRRip.XviD.AC3-ViSiON.torrent
    2016-09-10 21:38 - 2016-09-10 21:38 - 00034362 _____ C:\Users\Maria\Downloads\The.Pyramid.2014.1080p.BluRay.x264-GECKOS (1).torrent
    2016-09-10 21:37 - 2016-09-10 21:37 - 00034362 _____ C:\Users\Maria\Downloads\The.Pyramid.2014.1080p.BluRay.x264-GECKOS.torrent
    2016-09-09 11:23 - 2007-01-18 17:35 - 00000000 ____D C:\Program Files\cs1.6
    2016-09-08 22:20 - 2016-09-08 22:20 - 00014819 _____ C:\Users\Maria\Downloads\Poltergeist.SCR.x265-WARHD.torrent
    2016-09-08 21:42 - 2016-09-08 21:42 - 00013710 _____ C:\Users\Maria\Downloads\Poltergeist.2015.EXTENDED.720p.x265-WAR.torrent
    2016-09-08 21:41 - 2016-09-08 21:41 - 00014468 _____ C:\Users\Maria\Downloads\Poltergeist.2015.EXTENDED.BRRip.XViD.AC3-ETRG.torrent
    2016-09-08 21:40 - 2016-09-08 21:40 - 00013263 _____ C:\Users\Maria\Downloads\Poltergeist.2015.Extended.BDRip.XviD-WAR.torrent
    2016-09-06 21:21 - 2016-09-06 21:21 - 00021908 _____ C:\Users\Maria\Downloads\The.Darkness.2016.720p.BluRay.x264.DTS-WAR.torrent
    2016-09-06 20:06 - 2016-09-06 20:18 - 00000000 ____D C:\Users\Maria\Desktop\CHISTA Platforma ReHLDS
    2016-09-06 10:24 - 2016-09-06 10:24 - 00010478 _____ C:\Users\Maria\Downloads\Boxtrucksex - Lien Parker .torrent
    2016-09-06 10:22 - 2016-09-06 10:22 - 00011341 _____ C:\Users\Maria\Downloads\Boxtrucksex - Candee Licious.torrent
    2016-09-05 11:10 - 2016-09-05 11:10 - 00013071 _____ C:\Users\Maria\Downloads\All Asian.torrent
    2016-09-05 11:09 - 2016-09-05 11:09 - 00162552 _____ C:\Users\Maria\Downloads\Russian Institute 22 - Medical Exam.torrent
    2016-09-05 11:08 - 2016-09-05 11:08 - 00011209 _____ C:\Users\Maria\Downloads\xart.16.09.03.jillian.janson.and.blake.eden.the.pussy.cat.burglar.torrent
    2016-09-03 11:12 - 2016-09-03 11:12 - 00011752 _____ C:\Users\Maria\Downloads\ExxxtraSmall - Gabriella Ford - Gabriella Gets What She Wants.torrent
    2016-09-03 11:11 - 2016-09-03 11:11 - 00045660 _____ C:\Users\Maria\Downloads\DARE DORM - Raver Party - College Teen Sex Orgy.torrent
    2016-09-01 09:41 - 2016-09-01 09:41 - 00015477 _____ C:\Users\Maria\Downloads\[DoctorAdventures] Kelsi Monroe NEW 2016 XXX.torrent
    2016-09-01 09:41 - 2016-09-01 09:41 - 00010552 _____ C:\Users\Maria\Downloads\RKPrime.Nekane.Penis.Games.XXX.28.08.2016.MP4-xET.torrent
    2016-08-30 12:28 - 2016-08-30 12:28 - 00000290 _____ C:\Users\Maria\cancel_body.html
    2016-08-30 02:13 - 2016-08-30 02:13 - 00005520 _____ C:\Users\Maria\common.php
    2016-08-27 17:22 - 2016-09-10 22:34 - 00000000 ____D C:\Users\Maria\Desktop\stoicho  music NEW
    2016-08-27 03:11 - 2016-08-27 03:11 - 00000000 ___RD C:\Users\Maria\OneDrive
    2016-08-27 03:11 - 2016-08-27 03:11 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
    2016-08-27 03:09 - 2016-08-27 03:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-08-26 14:31 - 2016-08-26 14:32 - 06662856 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.21.0_win64-setup.exe
    2016-08-24 02:09 - 2016-08-24 02:09 - 00000565 _____ C:\Users\Maria\admin_notify_duplicates.txt
    2016-08-23 16:07 - 2016-08-23 16:08 - 00000000 ____D C:\Users\Maria\AppData\Local\Viber
    2016-08-18 01:33 - 2016-09-10 00:59 - 00000865 _____ C:\Users\Maria\Desktop\cs1.6.lnk
    2016-08-18 01:29 - 2007-01-18 17:35 - 00000000 ____D C:\Program Files (x86)\cs1.6
    2016-08-17 22:34 - 2016-08-18 01:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2016-08-17 14:48 - 2016-08-17 14:48 - 00000908 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
    2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
    2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\Program Files\TAP-Windows
    2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\Program Files\OpenVPN
    2016-08-17 14:45 - 2016-08-17 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
    2016-08-17 11:50 - 2016-07-08 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-08-17 11:50 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-08-13 18:57 - 2016-08-13 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    2016-08-05 10:36 - 2016-08-05 10:36 - 06647784 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.20.1_win64-setup.exe
    2016-07-24 15:53 - 2016-09-17 22:47 - 00000000 ____D C:\Users\Maria\Documents\Outlook Files
    2016-07-20 00:23 - 2016-07-20 00:23 - 00000000 ____D C:\Windows\EOONotify
    2016-07-16 19:54 - 2016-08-10 14:22 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
    2016-07-14 18:05 - 2016-07-14 18:05 - 08156072 _____ (TeamViewer GmbH) C:\Users\Maria\Desktop\TeamViewer_Setup.exe
    2016-07-14 11:17 - 2016-06-26 03:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-07-14 11:17 - 2016-06-26 03:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-07-14 11:17 - 2016-06-26 03:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2016-07-14 11:17 - 2016-06-26 03:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-07-14 11:17 - 2016-06-26 03:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2016-07-14 11:17 - 2016-06-26 03:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2016-07-14 11:17 - 2016-06-26 03:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
    2016-07-14 11:17 - 2016-06-25 22:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2016-07-14 11:17 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2016-07-14 11:17 - 2016-06-25 22:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2016-07-14 11:17 - 2016-06-25 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
    2016-07-14 11:17 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
    2016-07-14 11:17 - 2016-06-22 16:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-07-14 11:17 - 2016-06-17 21:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-07-14 11:17 - 2016-06-17 21:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-07-14 11:17 - 2016-06-17 21:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-07-14 11:17 - 2016-06-17 21:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-07-14 11:17 - 2016-06-17 21:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-07-14 11:17 - 2016-06-17 21:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-07-04 23:17 - 2016-07-04 23:18 - 06569088 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.19.0_win64-setup.exe
    2016-06-24 22:26 - 2016-06-24 22:26 - 17061922 _____ C:\Users\Maria\Downloads\fizioterapiq2015.2016.pdf
    2016-06-24 22:26 - 2016-06-24 22:26 - 05478111 _____ C:\Users\Maria\Downloads\oshte.fizioterapiq 2015.2016.pdf
    2016-06-24 17:45 - 2016-06-24 17:45 - 04977231 _____ C:\Users\Maria\Downloads\protokol IOS 2016.pdf

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-18 10:49 - 2013-12-08 20:23 - 00000000 ____D C:\Users\Maria\AppData\Roaming\Skype
    2016-09-18 10:42 - 2014-02-23 18:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-18 09:37 - 2009-07-14 07:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-18 09:37 - 2009-07-14 07:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-18 09:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
    2016-09-18 09:23 - 2015-08-24 01:28 - 00000000 ____D C:\Users\Maria\AppData\Roaming\ViberPC
    2016-09-18 09:21 - 2013-12-08 00:06 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-09-18 09:21 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-18 01:07 - 2013-12-08 22:22 - 00000000 ____D C:\Users\Maria\AppData\Local\Mirillis
    2016-09-17 23:46 - 2013-12-08 20:33 - 00000000 ____D C:\Users\Maria\AppData\Local\Google
    2016-09-17 22:42 - 2014-12-28 22:29 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-09-17 22:33 - 2014-05-15 19:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-17 19:20 - 2015-08-24 01:29 - 00000000 ____D C:\Users\Maria\Documents\ViberDownloads
    2016-09-17 13:27 - 2016-02-23 00:34 - 00000000 ____D C:\Users\Maria\AppData\Local\CrashDumps
    2016-09-17 13:27 - 2016-02-13 11:09 - 00000000 ____D C:\Users\Maria\AppData\Roaming\FileZilla
    2016-09-17 13:27 - 2013-12-08 22:24 - 00000000 ____D C:\Users\Maria\AppData\Roaming\uTorrent
    2016-09-17 13:27 - 2013-12-08 20:28 - 00000000 ____D C:\Users\Maria\AppData\Roaming\AIMP3
    2016-09-17 02:16 - 2015-02-10 19:50 - 00000132 _____ C:\Users\Maria\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2016-09-17 01:57 - 2013-12-08 06:58 - 00000000 ____D C:\Users\Maria\AppData\Roaming\Adobe
    2016-09-17 01:26 - 2014-02-24 17:56 - 00000132 _____ C:\Users\Maria\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2016-09-15 23:28 - 2016-02-13 16:56 - 00000000 ____D C:\Users\Maria\Desktop\stoicho
    2016-09-15 10:36 - 2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-09-15 10:29 - 2009-07-14 07:45 - 00422584 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-09-15 02:40 - 2014-01-19 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-09-15 02:39 - 2014-01-19 15:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-09-15 02:39 - 2014-01-19 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-09-15 02:37 - 2013-12-08 00:33 - 00000000 ____D C:\Windows\system32\MRT
    2016-09-15 02:29 - 2013-12-08 00:33 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-09-13 21:42 - 2014-02-23 18:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-09-13 21:42 - 2014-02-23 18:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-09-13 21:42 - 2014-02-23 18:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-09-13 21:42 - 2014-02-23 18:42 - 00000000 ____D C:\Windows\system32\Macromed
    2016-09-13 21:42 - 2014-02-18 20:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-09-13 21:27 - 2016-06-04 16:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-09-07 00:12 - 2014-12-02 22:27 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-09-07 00:12 - 2013-12-08 20:23 - 00000000 ____D C:\ProgramData\Skype
    2016-08-31 20:09 - 2016-03-06 22:21 - 00000000 ____D C:\ProgramData\YTD Video Downloader
    2016-08-30 21:20 - 2015-01-20 00:33 - 00000000 ____D C:\Users\Maria\Documents\Youcam
    2016-08-30 12:28 - 2013-12-07 21:19 - 00000000 ____D C:\Users\Maria

    ==================== Files in the root of some directories =======

    2015-01-14 22:16 - 2015-01-14 22:16 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2015-02-10 19:50 - 2016-09-17 02:16 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2014-02-24 17:56 - 2016-09-17 01:26 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2016-09-17 02:15 - 2016-09-17 02:20 - 0001456 _____ () C:\Users\Maria\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-05-28 19:30 - 2014-05-28 19:30 - 0004608 _____ () C:\Users\Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-08 15:02 - 2013-12-08 15:02 - 0001716 _____ () C:\Users\Maria\AppData\Local\FastClean.20131208.140235.txt
    2013-12-08 15:43 - 2013-12-08 15:43 - 0000017 _____ () C:\Users\Maria\AppData\Local\resmon.resmoncfg
    2013-12-08 16:07 - 2013-12-08 16:07 - 0017408 _____ () C:\Users\Maria\AppData\Local\WebpageIcons.db
    2013-12-07 22:09 - 2013-12-07 22:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {1763d638-00d8-11e1-be2d-f67a1c702b8f}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30

    Windows Boot Loader
    -------------------
    identifier              {1763d636-00d8-11e1-be2d-f67a1c702b8f}
    device                  ramdisk=[C:]\Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d637-00d8-11e1-be2d-f67a1c702b8f}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d637-00d8-11e1-be2d-f67a1c702b8f}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes

    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {1763d63a-00d8-11e1-be2d-f67a1c702b8f}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {1763d638-00d8-11e1-be2d-f67a1c702b8f}
    nx                      OptIn

    Windows Boot Loader
    -------------------
    identifier              {1763d63a-00d8-11e1-be2d-f67a1c702b8f}
    device                  ramdisk=[C:]\Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d63b-00d8-11e1-be2d-f67a1c702b8f}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d63b-00d8-11e1-be2d-f67a1c702b8f}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes

    Resume from Hibernate
    ---------------------
    identifier              {1763d638-00d8-11e1-be2d-f67a1c702b8f}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    debugoptionenabled      No

    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes

    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes

    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200

    RAM Defects
    -----------
    identifier              {badmemory}

    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}

    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200

    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}

    Device options
    --------------
    identifier              {1763d637-00d8-11e1-be2d-f67a1c702b8f}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\boot.sdi

    Device options
    --------------
    identifier              {1763d63b-00d8-11e1-be2d-f67a1c702b8f}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\boot.sdi

    LastRegBack: 2016-09-15 13:40

    ==================== End of FRST.txt ============================

    Addition.txt


    Hello.

    Step 1

    • Uninstall the following software from the Control Panel:
    Quote

    YTD Video Downloader 5.7.2

    Google Chrome

    Note: When you uninstall the Google Chrome browser, you will lose your bookmarks, passwords, browsing history, extensions, themes, and more.

    Step 2

    Download: ADWCleaner.

    • Close all browsers and run AdwCleaner.exe.
    • Click the SCAN button.
    • When the scan finishes, click the CLEAN button.
    • The program will close unneeded software and begin cleaning.
    • When cleaning finishes, ADWCleaner will ask for a restart. Agree.
    • After the system loads, go to C:\AdwCleaner and look for a log file named AdwCleaner[C1].txt.
    • Post the contents of "AdwCleaner[C0]" in your next comment.

    Step 3

    Download: JRT.

    • Save the file to your desktop.
    • Close all browsers.
    • Run JRT.exe.
    • When the message "Press any key to continue . . ." appears, press any key on the keyboard.
    • The program will begin cleaning. Do not interrupt it, and do not use the system while cleaning is in progress.
    • When cleaning finishes, a log file named JRT.txt will open; it is located on the desktop.
    • Copy its contents and paste them into your next comment.

    Step 4

    • Create new logs with FRST and attach them to your next comment.

    Hello! :)

    There is no "AdwCleaner[C1]" file. There are the following files: "AdwCleaner[C0]" and "AdwCleaner[S0]".
    The contents of AdwCleaner[C0] are as follows:

    # AdwCleaner v6.020 - Дневникът е създаден 18/09/2016 в 13:06:44
    # Обновен на 14/09/2016 от ToolsLib
    # База данни : 2016-09-17.1 [Сървърна]
    # Операционна Система : Windows 7 Home Premium Service Pack 1 (X64)
    # Потребителско име : Maria - MARIA-PC
    # Изпълнява се от : C:\Users\Maria\Desktop\adwcleaner_6.020.exe
    # Режим: Почистване
    # Поддръжка : https://toolslib.net/forum

     

    ***** [ Услуги ] *****

    [-] Услугата беше изтрита: swdumon


    ***** [ Папки ] *****

    [-] Папката е изтрита: C:\Users\Maria\AppData\Local\slimware utilities inc
    [-] Папката е изтрита: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
    [-] Папката е изтрита: C:\Users\Public\Documents\Downloaded Installers
    [-] Папката е изтрита: C:\Program Files (x86)\DAEMON Tools Toolbar
    [-] Папката е изтрита: C:\Program Files (x86)\GreenTree Applications
    [-] Папката е изтрита: C:\Program Files (x86)\SlimDrivers


    ***** [ Файлове ] *****

    [-] Файлът е изтрит: C:\Windows\SysNative\drivers\swdumon.sys
    [#] Файлът е изтрит: C:\Windows\SysNative\drivers\SWDUMon.sys
    [-] Файлът е изтрит: C:\Users\Public\Desktop\SlimDrivers.lnk


    ***** [ DLL ] *****

     

    ***** [ WMI ] *****

     

    ***** [ Преки пътища ] *****

     

    ***** [ Планирани Задачи ] *****

     

    ***** [ Регистър ] *****

    [-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    [-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    [-] Ключът беше изтрит: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\APN PIP
    [-] Ключът беше изтрит: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\SlimWare Utilities Inc
    [-] Ключът беше изтрит: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\WIN
    [#] Ключът беше изтрит по време на рестартиране: HKCU\Software\APN PIP
    [#] Ключът беше изтрит по време на рестартиране: HKCU\Software\SlimWare Utilities Inc
    [#] Ключът беше изтрит по време на рестартиране: HKCU\Software\WIN
    [-] Ключът беше изтрит: HKLM\SOFTWARE\SlimWare Utilities Inc
    [#] Ключът беше изтрит по време на рестартиране: [x64] HKCU\Software\APN PIP
    [#] Ключът беше изтрит по време на рестартиране: [x64] HKCU\Software\SlimWare Utilities Inc
    [#] Ключът беше изтрит по време на рестартиране: [x64] HKCU\Software\WIN


    ***** [ Интернет Браузъри ] *****

     

    *************************

    :: "Tracing" ключовете бяха изтрити
    :: Winsock настройките бяха изчистени

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [3220 Байта] - [18/09/2016 13:06:44]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3342 Байта] - [18/09/2016 13:02:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3376 Байта] ##########


    The contents of AdwCleaner[S0] are as follows:

    # AdwCleaner v6.020 - Дневникът е създаден 18/09/2016 в 13:02:43
    # Обновен на 14/09/2016 от ToolsLib
    # База данни : 2016-09-17.1 [Сървърна]
    # Операционна Система : Windows 7 Home Premium Service Pack 1 (X64)
    # Потребителско име : Maria - MARIA-PC
    # Изпълнява се от : C:\Users\Maria\Desktop\adwcleaner_6.020.exe
    # Режим: Сканиране
    # Поддръжка : https://toolslib.net/forum

     

    ***** [ Услуги ] *****

    Открита е услуга: swdumon


    ***** [ Папки ] *****

    Открита е папка: C:\Users\Maria\AppData\Local\slimware utilities inc
    Открита е папка: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
    Открита е папка: C:\Users\Public\Documents\Downloaded Installers
    Открита е папка: C:\Program Files (x86)\DAEMON Tools Toolbar
    Открита е папка: C:\Program Files (x86)\GreenTree Applications
    Открита е папка: C:\Program Files (x86)\SlimDrivers


    ***** [ Файлове ] *****

    Открит е файл: C:\Windows\SysNative\drivers\swdumon.sys
    Открит е файл: C:\Windows\SysNative\drivers\SWDUMon.sys
    Открит е файл: C:\Users\Public\Desktop\SlimDrivers.lnk


    ***** [ DLL ] *****

    Зловредни DLL библиотеки не бяха намерени.


    ***** [ WMI ] *****

    Зловредни ключове в регистъра не бяха намерени.


    ***** [ Преки пътища ] *****

    Не бяха намерени инфектирани преки пътища.


    ***** [ Планирани Задачи ] *****

    Не бяха намерени злонамерени планирани задачи.


    ***** [ Регистър ] *****

    Открит е ключ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Открит е ключ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Открит е ключ: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\APN PIP
    Открит е ключ: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\SlimWare Utilities Inc
    Открит е ключ: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\WIN
    Открит е ключ: HKCU\Software\APN PIP
    Открит е ключ: HKCU\Software\SlimWare Utilities Inc
    Открит е ключ: HKCU\Software\WIN
    Открит е ключ: HKLM\SOFTWARE\SlimWare Utilities Inc
    Открит е ключ: [x64] HKCU\Software\APN PIP
    Открит е ключ: [x64] HKCU\Software\SlimWare Utilities Inc
    Открит е ключ: [x64] HKCU\Software\WIN


    ***** [ Интернет браузъри ] *****

    Зловредни настройки във всички Firefox базирани интернет браузъри не бяха намерени.
    Зловредни настройки във всички Chrome базирани интернет браузъри не бяха намерени.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [3168 Байта] - [18/09/2016 13:02:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3246 Байта] #########


    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Maria (Administrator) on нед 18.09.2016 г. at 13:16:07,00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     


    File System: 16

    Failed to delete: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CH3JT17 (Temporary Internet Files Folder)
    Failed to delete: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPE3WCGQ (Temporary Internet Files Folder)
    Failed to delete: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ST1O0FSB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCF8LMAW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CH3JT17 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPE3WCGQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ST1O0FSB (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCF8LMAW (Temporary Internet Files Folder)

     

    Registry: 0

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on нед 18.09.2016 г. at 13:19:40,12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Addition.txt

    FRST.txt

    Edited by Stoicho.k7


    Upload the following files for scanning at https://www.virustotal.com/bg/ and provide a link to the scan.

    Quote

    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    C:\Program Files (x86)\Launch Manager\WisLMSvc.exe

    C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe

    C:\Windows\System32\DRIVERS\wtsmpadap.sys

    C:\Windows\System32\DRIVERS\wtsmpflt.sys

    Note: Some of the files may be hidden!

    39 minutes ago, Stoicho.k7 wrote:

    These are hidden, how can I see them and upload them for scanning?:

    C:\Windows\System32\DRIVERS\wtsmpadap.sys
    C:\Windows\System32\DRIVERS\wtsmpflt.sys

    Now it shows me hidden files and folders, but these 2 files aren't there, I can't see/find them..

     


    Step 1

    Download the fixlist file and save it to your desktop.

    • Run FRST.exe and click the FIX button once!
    • The cleaning will start; do not use the system!
    • When it finishes, if it asks for a restart, agree.
    • After the system boots, post the log file named fixlog.txt, which is located on your desktop.

    Note: The current fix must not be used on other systems!

     

    Step 2

    Download: Malwarebytes Anti-Malware.

    • Run the installer and follow the installation wizard.
    • Before the installation finishes, uncheck "Enable free trial of Malwarebytes Anti-Malware Premium" and make sure "Launch Malwarebytes Anti-Malware" is checked.
    • Go to the Settings tab => Detection and Protection => check "Scan for rootkits".
    • Go to the Dashboard tab => click the "SCAN NOW" button.
    • The program will automatically check for updates and start the scan.

    Note: If you see the message "Could not load DDA driver", click the "YES" button. Then allow the system to restart.

    • When the scan finishes, click the "Apply Actions" button.
    • The system will ask for a restart; agree.
    • After the system boots, MBAM will start.
    • Go to the History tab => Applications Logs.
    • Find the log named "SCAN LOG" with the latest date and time and click on it.
    • Click the EXPORT button => Copy to Clipboard.
    • Paste the contents of the log into your next comment with the CTRL+V key combination.

     

    Step 3

    Download: Emsisoft Emergency Kit

    • Run the file and specify where the program should be extracted, for example (C:\EEK), then click the Extract button.
    • Run the Start Emsisoft Emergency Kit file from the desktop to launch the program.
    • Click the "Yes" button when prompted to update the program's definitions.
    • When the definitions update finishes, click the "Scan" button.
    • The program will ask whether you want to enable detection of Potentially Unwanted Applications; click the "Yes" button.
    • Click the "Custom Scan" button. Remove entries from the list, leaving only the C:\ partition.
    • Click "Next" to start the scan.
    • When the scan finishes, click the "View Report" button.
    • Copy the contents of the log file into your next comment.


    Emsisoft Emergency Kit
     

    Emsisoft Emergency Kit - Version 11.9
    Last update: 19.9.2016 г. 11:32:20
    User account: Maria-PC\Maria
    Computer name: MARIA-PC
    OS version: Windows 7x64 Service Pack 1
    
    Scan settings:
    
    Scan type: Custom Scan
    Objects: Rootkits, Memory, Traces, C:\
    
    Detect PUPs: On
    Scan archives: On
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off
    
    Scan start:    19.9.2016 г. 11:34:22
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP     detected: Application.Win32.InstallAd (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP     detected: Application.Win32.InstallAd (A)
    C:\Program Files (x86)\Photoshop\Check.exe     detected: Gen:Variant.Graftor.7067 (B)
    C:\Program Files (x86)\Photoshop\x64\Check.exe     detected: Gen:Variant.Graftor.7067 (B)
    
    Scanned    409208
    Found    4
    
    Scan end:    19.9.2016 г. 13:51:10
    Scan time:    2:16:48
    

     

    Fixlog.txt

    logmalwar.txt


    Download and install Google Chrome from here.

    For it (Chrome), it is recommended to install the following extensions:

    And write what the situation is so far.


    Well, there's no difference, but today I saw that it's the same on the office computer too.. Apparently it's perhaps after some UPDATE that happened at roughly the same time as the theft of the profile, and I assumed the two were related.

    Anyway.
    Are we going to scan/fix anything else? Is the laptop clean now?
    :)

    Edited by Stoicho.k7


    It's clean.

    To remove the tools we used to clean the system:

    Download: Delfix.

    • Run Delfix.exe.
    • By default there should be 2 check marks, on "Remove disinfection tools" and "Purge system restore". If they are missing, add them.
    • Click the "Run" button.
    • The tool will delete itself after it finishes its task.
    • Delete the Delfix log file.
    • If any programs we used remain and have not been deleted, delete them manually.

        2017-09-13 07:05 - 2017-09-05 07:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
        2017-09-13 07:05 - 2017-09-05 07:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
        2017-09-13 07:05 - 2017-09-05 07:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
        2017-09-13 07:04 - 2017-09-05 08:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
        2017-09-13 07:04 - 2017-09-05 08:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
        2017-09-13 07:04 - 2017-09-05 08:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
        2017-09-13 07:04 - 2017-09-05 08:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
        2017-09-13 07:04 - 2017-09-05 08:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
        2017-09-13 07:04 - 2017-09-05 08:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
        2017-09-13 07:04 - 2017-09-05 08:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
        2017-09-13 07:04 - 2017-09-05 08:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
        2017-09-13 07:04 - 2017-09-05 08:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
        2017-09-13 07:04 - 2017-09-05 07:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
        2017-09-13 07:04 - 2017-09-05 07:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
        2017-09-13 07:04 - 2017-09-05 07:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
        2017-09-13 07:04 - 2017-09-05 07:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
        2017-09-13 07:04 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
        2017-09-13 07:04 - 2017-09-05 07:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
        2017-09-13 07:04 - 2017-09-05 07:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
        2017-09-13 07:04 - 2017-09-05 07:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
        2017-09-13 07:04 - 2017-09-05 07:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
        2017-09-13 07:04 - 2017-09-05 07:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
        2017-09-13 07:04 - 2017-09-05 07:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
        2017-09-13 07:03 - 2017-09-05 08:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
        2017-09-13 07:03 - 2017-09-05 08:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
        2017-09-13 07:03 - 2017-09-05 08:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
        2017-09-13 07:03 - 2017-09-05 08:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
        2017-09-13 07:03 - 2017-09-05 08:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
        2017-09-13 07:03 - 2017-09-05 08:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
        2017-09-13 07:03 - 2017-09-05 08:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
        2017-09-13 07:03 - 2017-09-05 08:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
        2017-09-13 07:03 - 2017-09-05 08:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
        2017-09-13 07:03 - 2017-09-05 08:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
        2017-09-13 07:03 - 2017-09-05 07:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
        2017-09-13 07:03 - 2017-09-05 07:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
        2017-09-13 07:03 - 2017-09-05 07:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
        2017-09-13 07:03 - 2017-09-05 07:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
        2017-09-13 07:03 - 2017-09-05 07:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
        2017-09-13 07:03 - 2017-09-05 07:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
        2017-09-13 07:03 - 2017-09-05 07:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
        2017-09-13 07:03 - 2017-09-05 07:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
        2017-09-13 07:03 - 2017-09-05 07:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
        2017-09-13 07:03 - 2017-09-05 07:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
        2017-09-13 07:03 - 2017-09-05 07:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
        2017-09-13 07:03 - 2017-09-01 08:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
        2017-08-25 23:36 - 2017-09-13 21:06 - 000000000 ____D C:\Users\Стоянчо\Desktop\red
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:13 - 2017-02-05 23:56 - 000000000 ____D C:\ProgramData\Gramblr
        2017-09-24 22:54 - 2017-06-18 07:23 - 000000000 ____D C:\Users\Стоянчо\Desktop\яяь
        2017-09-24 20:10 - 2017-06-30 01:05 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33349A0F-B0C0-4DB3-AFE6-0F51132F45D5}
        2017-09-24 19:38 - 2017-06-30 00:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2017-09-24 17:36 - 2017-06-30 01:05 - 000004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
        2017-09-24 13:12 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
        2017-09-24 13:06 - 2015-09-13 15:31 - 000000000 __SHD C:\Users\Стоянчо\IntelGraphicsProfiles
        2017-09-23 19:06 - 2015-09-13 15:01 - 000000000 ____D C:\Users\Стоянчо\AppData\Local\Packages
        2017-09-23 19:04 - 2015-09-25 17:35 - 000000000 ____D C:\Users\Стоянчо\AppData\Roaming\uTorrent
        2017-09-23 18:02 - 2017-07-18 10:48 - 000001085 _____ C:\Users\Стоянчо\Desktop\Нов текстов документ.txt
        2017-09-23 15:14 - 2017-02-05 23:57 - 000000000 ____D C:\Program Files\Gramblr
        2017-09-23 13:05 - 2017-06-30 01:03 - 002547028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2017-09-23 13:05 - 2015-12-04 21:09 - 001132696 _____ C:\WINDOWS\system32\perfh002.dat
        2017-09-23 13:05 - 2015-12-04 21:09 - 000334978 _____ C:\WINDOWS\system32\perfc002.dat
        2017-09-23 13:00 - 2017-06-30 01:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-23 13:00 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
        2017-09-23 07:37 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-22 07:46 - 2017-06-30 00:48 - 000000000 ____D C:\Users\Стоянчо
        2017-09-22 06:18 - 2017-07-27 20:57 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3274723310-3931731729-1199849900-1001
        2017-09-22 06:17 - 2015-09-13 15:03 - 000002401 _____ C:\Users\Стоянчо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2017-09-22 06:17 - 2015-09-13 15:03 - 000000000 ___RD C:\Users\Стоянчо\OneDrive
        2017-09-19 06:55 - 2015-10-09 22:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
        2017-09-18 21:49 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        2017-09-14 02:24 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
        2017-09-14 02:16 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
        2017-09-13 18:18 - 2015-09-13 15:01 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-13 18:15 - 2017-06-30 00:42 - 000381448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2017-09-13 07:44 - 2017-03-20 06:21 - 000000000 ____D C:\WINDOWS\system32\bg
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\system32\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
        2017-09-13 07:20 - 2015-09-13 17:14 - 000000000 ____D C:\WINDOWS\system32\MRT
        2017-09-13 07:16 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
        2017-09-13 07:16 - 2015-09-13 17:14 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2017-08-29 06:58 - 2016-09-11 19:33 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-08-26 15:34 - 2017-08-05 17:48 - 000000000 ____D C:\Users\Стоянчо\Desktop\;[;.[plpl
        2017-08-25 07:37 - 2017-07-28 23:11 - 000000000 ____D C:\Users\Стоянчо\Desktop\dfere
        ==================== Files in the root of some directories =======
        2016-01-17 08:06 - 2017-07-17 07:19 - 000009216 _____ () C:\Users\Стоянчо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-07-17 20:30 - 2016-07-17 20:30 - 000000036 _____ () C:\Users\Стоянчо\AppData\Local\housecall.guid.cache
        2015-09-13 15:16 - 2015-09-13 15:16 - 000000003 _____ () C:\Users\Стоянчо\AppData\Local\updater.log
        2015-09-13 15:16 - 2017-05-06 19:17 - 000000425 _____ () C:\Users\Стоянчо\AppData\Local\UserProducts.xml
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-19 19:38
        ==================== End of FRST.txt ============================
         
        Addition.txt
         
        Thanks in advance.
      • by doktorkartar
        Hello, it has been quite a while since I used your services, and I am extremely satisfied with them. The problem is that I restored an old backup (from years ago) of the system and lost my protection. Overall my system works well and I don't think there is anything particularly worrying in it, but let's check it just in case.
        I am not sure, but I think it was here that you gave me a file (or rather, the contents of a hosts file) to which many sites had been added so that they would be blocked on any attempt to visit them.
        For example: 0.0.0.0 www.google.com
         
        The other thing I am also not sure about is whether it was you who gave me an adblock filter for Mozilla. I was very happy with that too.
        And the last thing that worries me is a problem with Mozilla itself. I don't know whether it is caused by a virus or by the program itself. The problem is that when I click the drop-down menu in the address bar, it does not open. Actually, it does open, but absolutely nothing is visible. It is entirely blank white and the sites are not shown. The same happens with all of Mozilla's drop-down menus: the drop-down menu for the search engines (what we have searched for) as well as the drop-down menu for saved logins.
         
        By and large, those are my concerns; the rest will only come to light after the scans.
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
        Ran by eclips (administrator) on ECLIPS-PC (19-10-2017 21:33:45)
        Running from C:\Users\eclips\Desktop
        Loaded Profiles: eclips (Available Profiles: eclips & Guest)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 10 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
        (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
        (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
        (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
        () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
        () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe
        () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
        (Transaction Software, D 81829 Munich) H:\TECDOC_CD\1_2014\db\tbmux32.exe
        (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
        (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
        (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
        (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
        Tcpip\..\Interfaces\{1E0F611B-DAE1-48B6-8208-5A38B3F56DB9}: [DhcpNameServer] 62.221.132.211 85.130.60.11
        Tcpip\..\Interfaces\{5A334197-46EE-4622-AD06-D1F2AE57959E}: [DhcpNameServer] 192.168.42.129
        Internet Explorer:
        ==================
        HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaie
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        SearchScopes: HKLM-x32 -> DefaultScope value is missing
        SearchScopes: HKU\S-1-5-21-1144684173-3877916052-1330907298-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1360_171019__yaie&p={searchTerms}
        BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation)
        BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
        BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation)
        BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
        BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
        BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.11.9.dll [2010-11-09] (BitComet)
        BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
        BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation)
        BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
        BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation)
        BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO)
        FireFox:
        ========
        FF DefaultProfile: 7lwtatk8.default-1507842258539
        FF ProfilePath: C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 [2017-10-19]
        FF NewTab: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo®
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo®
        FF Homepage: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff
        FF Extension: (Search Shield Study) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\@unified-urlbar-shield-study-opt-out-new-users.xpi [2017-10-13]
        FF Extension: (AdBlock) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-10-14]
        FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-13]
        FF Extension: (Adblock Plus) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-19]
        FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
        FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
        FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
        FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
        FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
        FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2017-10-14] [not signed]
        FF HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
        FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-18] ()
        FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2013-12-10] (Oracle Corporation)
        FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation)
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-18] ()
        FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
        FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-17] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
        FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File]
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-04-09] (Nullsoft, Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
        CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
        CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
        CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
        CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
        CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
        CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
        CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]
        CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\default_apps\search.crx [2014-03-15]
        CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\default_apps\search.crx [2014-02-20]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
        R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2017-10-14] (Kaspersky Lab ZAO)
        S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
        S4 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-05-03] (CyberLink)
        S4 CyberLink PowerDVD 13 Media Server Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-05-03] (CyberLink)
        R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
        R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
        S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
        S4 Samsung Link Service; D:\- MOI NE6TA\Samsung Link\Samsung Link.exe [604512 2014-05-19] (Copyright 2013 SAMSUNG)
        R2 Serviio; D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe [413696 2016-10-17] () [File not signed]
        S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
        R2 Transbase TECDOC CD 1_2014 Service; H:\TECDOC_CD\1_2014\db\tbmux32.exe [360448 2013-02-25] (Transaction Software, D 81829 Munich) [File not signed]
        R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)
        R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-16] (Microsoft Corporation)
        S2 Hamachi2Svc; H:\Programki\Hamachi\hamachi-2.exe -s [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] (Advanced Micro Devices) [File not signed]
        R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-20] (DT Soft Ltd)
        R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
        R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
        R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-19] ()
        R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2017-10-14] (Kaspersky Lab ZAO)
        S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2017-10-14] (Kaspersky Lab ZAO)
        R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2017-10-14] (Kaspersky Lab ZAO)
        R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2017-10-14] (Kaspersky Lab ZAO)
        R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO)
        R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO)
        R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
        R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
        R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2017-10-14] (Kaspersky Lab ZAO)
        R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-19] (Malwarebytes)
        R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-19] (Malwarebytes)
        R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-19] (Malwarebytes)
        R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-19] (Malwarebytes)
        R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-19] (Malwarebytes)
        R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
        U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-10-16] (Microsoft Corporation)
        R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PROGRAMKI\Power DVD\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-05-03] (CyberLink Corp.)
        S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
        S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
        S3 catchme; \??\C:\ComboFix\catchme.sys [X]
        S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
        S3 VGPU; System32\drivers\rdvgkmd.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-10-19 21:33 - 2017-10-19 21:34 - 000021252 _____ C:\Users\eclips\Desktop\FRST.txt
        2017-10-19 21:30 - 2017-10-19 21:30 - 002402816 _____ (Farbar) C:\Users\eclips\Desktop\FRST64.exe
        2017-10-19 21:25 - 2017-10-19 21:25 - 019012622 _____ C:\Users\eclips\Desktop\unhackme.zip
        2017-10-19 20:51 - 2017-10-19 20:51 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
        2017-10-19 20:51 - 2017-10-19 20:51 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
        2017-10-19 20:51 - 2017-10-19 20:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
        2017-10-19 20:50 - 2017-10-19 20:50 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
        2017-10-19 20:07 - 2017-10-19 20:51 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
        2017-10-19 20:07 - 2017-10-19 20:50 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
        2017-10-19 20:07 - 2017-10-19 20:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
        2017-10-19 20:07 - 2017-10-19 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
        2017-10-19 20:05 - 2017-10-19 20:05 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
        2017-10-19 16:27 - 2017-10-19 20:41 - 000000000 ____D C:\Users\eclips\Desktop\bsplayer_pro271.1081
        2017-10-19 16:20 - 2017-10-19 16:20 - 000003164 _____ C:\Windows\System32\Tasks\klcp_update
        2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
        2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
        2017-10-19 16:20 - 2017-07-30 13:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
        2017-10-19 16:20 - 2017-07-30 13:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
        2017-10-19 16:20 - 2015-12-18 12:00 - 000755200 _____ C:\Windows\system32\xvidcore.dll
        2017-10-19 16:20 - 2015-12-18 12:00 - 000309248 _____ C:\Windows\system32\xvidvfw.dll
        2017-10-19 16:20 - 2015-12-18 12:00 - 000282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
        2017-10-19 16:20 - 2015-10-24 19:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll
        2017-10-19 16:20 - 2015-10-24 19:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
        2017-10-19 16:20 - 2012-07-21 13:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
        2017-10-19 16:20 - 2012-07-21 13:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
        2017-10-19 16:20 - 2011-12-07 20:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
        2017-10-19 16:20 - 2011-12-07 20:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
        2017-10-19 16:16 - 2017-10-19 16:18 - 052381992 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1359_Mega.exe
        2017-10-19 15:58 - 2017-10-19 15:58 - 010563576 _____ C:\Users\eclips\Desktop\bsplayer271.setup.exe
        2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Lavasoft
        2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
        2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Program Files (x86)\Lavasoft
        2017-10-19 15:54 - 2017-10-19 15:54 - 000000000 ____D C:\Users\eclips\AppData\Local\Lavasoft
        2017-10-19 15:53 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Lavasoft
        2017-10-19 15:44 - 2017-10-19 16:29 - 
000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 16:29 - 000001147 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2017-10-19 15:37 - 2017-10-19 15:39 - 053285758 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1360_Mega.exe 2017-10-19 14:57 - 2017-10-19 14:57 - 000091280 _____ C:\Users\eclips\Desktop\WAR_2017.(subs.sab.bz).rar 2017-10-17 23:41 - 2013-12-10 14:50 - 000955888 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2017-10-17 23:41 - 2013-12-10 14:50 - 000839152 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2017-10-17 23:40 - 2017-10-17 23:40 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-10-17 23:39 - 2017-10-17 23:39 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Sun 2017-10-17 23:38 - 2017-10-17 23:38 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Oracle 2017-10-14 20:33 - 2017-10-14 20:33 - 000032774 _____ C:\Users\eclips\Desktop\IT_2017_NEW_HD_TS_60FPS_x264_HQ_CPG.(subs.sab.bz).rar 2017-10-14 19:44 - 2017-10-17 23:33 - 000000000 ____D C:\Program Files\Common Files\AV 2017-10-14 19:44 - 2017-10-14 19:44 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-10-14 19:16 - 2017-10-14 19:16 - 008250832 _____ (Malwarebytes) C:\Users\eclips\Downloads\adwcleaner_7.0.3.1.exe 2017-10-14 19:12 - 2017-10-17 23:33 - 000002334 _____ C:\Users\eclips\Desktop\Safe Money.lnk 2017-10-14 19:12 - 2017-10-14 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2017-10-14 19:12 - 2017-10-14 19:11 - 000001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2017-10-14 19:11 - 2017-10-14 19:43 - 000625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2017-10-14 19:11 - 
2017-10-14 19:43 - 000115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Windows\ELAMBKUP 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2017-10-14 19:11 - 2013-05-06 09:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2017-10-14 16:17 - 2017-10-19 20:41 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-14 16:17 - 2017-10-14 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-10-14 16:16 - 2009-07-10 07:01 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE 2017-10-14 16:15 - 2009-12-03 18:43 - 000000000 ____D C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e 2017-10-14 16:15 - 2009-07-14 11:54 - 015005696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 011327776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2017-10-14 16:15 - 2009-07-14 11:54 - 010854400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 009375232 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 007565824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002617856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002258976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002169376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001983488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001723424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001706528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 
- 001291776 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001044992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000930272 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod157.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000011168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd 2017-10-14 16:15 - 2009-07-14 11:54 - 000010161 _____ C:\Windows\system32\nvdisp.nvu 2017-10-14 16:14 - 2017-10-14 16:15 - 153992488 _____ C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e.zip 2017-10-14 16:13 - 2017-10-19 21:13 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Mozilla 2017-10-13 22:03 - 2017-10-13 22:03 - 000033952 _____ C:\Users\eclips\Downloads\the.flash.2014.s04e01.hdtv.x264(subsunacs.net).rar 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\ProgramData\MB2Migration 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files\Malwarebytes 2017-10-13 01:12 - 2017-10-14 15:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-13 00:34 - 2017-10-18 00:30 - 005818880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2017-10-13 00:04 - 2017-10-13 00:04 - 000000000 ____D C:\Users\eclips\Desktop\Стари данни Firefox 2017-10-13 00:01 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-10-12 23:30 - 2017-10-13 00:35 - 000000000 ____D C:\Users\eclips\AppData\Local\Dropbox 2017-10-12 23:30 - 2017-10-12 23:30 - 000000000 ____D C:\ProgramData\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the 
fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2014-07-01 19:48 - 000000000 ____D C:\FRST 2017-10-19 21:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:43 - 2014-02-12 12:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2017-10-19 20:41 - 2013-11-19 23:28 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2017-10-19 20:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-19 20:40 - 2013-11-19 19:37 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BitComet 2017-10-19 20:06 - 2013-12-07 21:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-19 19:14 - 2014-05-28 13:04 - 000000000 ____D C:\AdwCleaner 2017-10-19 16:28 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer Pro 2017-10-19 16:27 - 2013-11-19 23:49 - 000000000 ____D C:\Program Files (x86)\Webteh 2017-10-19 16:23 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer 2017-10-18 19:40 - 2014-02-13 20:08 - 000000000 ____D C:\ADCDA2 2017-10-18 11:24 - 2013-12-18 22:51 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Skype 2017-10-18 00:30 - 2013-12-10 11:19 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-18 00:30 - 2013-11-20 11:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-18 00:30 - 2013-11-20 11:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-17 23:42 - 2014-01-21 17:33 - 000000000 ____D C:\Program Files 
(x86)\Java 2017-10-17 23:41 - 2014-01-21 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-10-17 23:41 - 2013-12-10 14:50 - 000000000 ____D C:\Program Files\Java 2017-10-17 23:40 - 2013-12-10 14:50 - 000319552 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-10-17 23:39 - 2014-01-21 17:34 - 000000000 ____D C:\ProgramData\Oracle 2017-10-14 21:22 - 2013-12-04 16:02 - 000000000 ____D C:\Users\eclips\AppData\Roaming\vlc 2017-10-14 19:43 - 2013-06-10 12:27 - 000029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2017-10-14 19:43 - 2013-06-06 17:38 - 000178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2017-10-14 19:43 - 2013-05-06 09:22 - 000458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2017-10-14 19:28 - 2013-11-20 17:22 - 000000000 ____D C:\Windows\pss 2017-10-14 19:11 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2017-10-14 18:40 - 2014-01-05 21:34 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Dropbox 2017-10-14 16:24 - 2009-07-14 08:13 - 000785366 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-14 16:17 - 2014-05-12 23:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-10-14 16:17 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help 2017-10-14 15:37 - 2013-12-10 
11:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-13 22:40 - 2013-11-19 23:41 - 000000000 ____D C:\ProgramData\AMD 2017-10-13 00:01 - 2013-12-07 21:44 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Malwarebytes 2017-10-13 00:01 - 2013-12-07 21:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2017-10-13 00:00 - 2013-11-19 21:24 - 000000000 ____D C:\ProgramData\TuneUp Software ==================== Files in the root of some directories ======= 2014-01-04 21:14 - 2014-01-04 21:14 - 001615904 ____R () C:\Users\eclips\AppData\Local\ASbs.ac 2014-05-12 11:02 - 2014-05-12 11:02 - 000585728 _____ () C:\Users\eclips\AppData\Local\file__0.localstorage 2013-11-19 22:07 - 2013-11-19 22:07 - 000000017 ____R () C:\Users\eclips\AppData\Local\resmon.resmoncfg 2014-09-14 20:59 - 2014-09-15 21:08 - 010807116 _____ () C:\ProgramData\OfflineCatalogue_1_2014_TECDOC_CD.log 2014-09-14 21:05 - 2014-09-14 21:05 - 000006106 _____ () C:\ProgramData\UninstallOfflineCatalogue.log Some files in TEMP: ==================== 2014-09-15 19:44 - 2011-02-11 18:36 - 023454528 ____N ( ) C:\Users\eclips\AppData\Local\Temp\AdbeRdr_en_US.exe 2014-09-07 14:19 - 2014-09-07 14:19 - 007850088 _____ (Microsoft Corporation) C:\Users\eclips\AppData\Local\Temp\BingBarSetup-Partner.exe 2017-10-13 22:07 - 2017-10-13 22:07 - 016739360 _____ () C:\Users\eclips\AppData\Local\Temp\BitBEFB.tmp.exe 2017-10-14 18:40 - 2017-10-14 18:40 - 000043008 _____ () C:\Users\eclips\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkbc9q.dll 2014-01-31 06:29 - 2014-01-31 06:29 - 000341120 _____ (Gretech Corporation) C:\Users\eclips\AppData\Local\Temp\ExPromo.exe 2014-07-01 12:48 - 2014-09-29 20:15 - 000035224 _____ () C:\Users\eclips\AppData\Local\Temp\i4jdel0.exe 2014-07-28 08:15 - 2014-07-28 08:15 - 000918440 _____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe 2017-09-08 19:04 - 2017-09-08 19:04 - 001856576 
_____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-8u151-windows-au.exe 2014-07-29 18:48 - 2014-07-29 18:48 - 000021888 _____ () C:\Users\eclips\AppData\Local\Temp\ochelper.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-18 20:24 ==================== End of FRST.txt ============================  
        Addition.txt
      • by Rada Beliata
        Hello, this morning when I turned on my computer I found that the Bing search engine, which I never asked for, had installed itself in place of my usual Google. I don't know whether the problem might be bigger than that, so I am not trying to clean it up myself and am posting the scan files here directly:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
        Ran by User (administrator) on USER-PC (06-11-2017 14:32:42)
        Running from C:\Users\User\Desktop
        Loaded Profiles: User (Available Profiles: User & Guest)
        Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
        (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
        () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
        (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
        (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
        (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        () C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
        HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
        HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
        HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
        HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
        HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
        HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
        HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2017-09-18] ()
        HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2172 2017-09-26] ()
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [googletalk] => C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-30] (Google Inc.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [38871120 2017-10-24] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [] 
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\MountPoints2: {b89e904f-c580-11e0-ae91-806e6f6e6963} - E:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{61285D62-0825-4C6A-8F7B-F187EF6B7C4E}: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{BEC2B3B5-8A62-4C8D-947B-942060F59681}: [NameServer] 10.250.238.3 10.250.238.4
        Tcpip\..\Interfaces\{E2C5FBF5-BC9E-4F83-8514-C9EC7DB41090}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {01331362-9AB4-4EF8-B80F-17A753AABA26} URL = hxxps://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
        Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
        DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab
        DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
        FireFox:
        ========
        FF DefaultProfile: 0nh7i0xu.default-1396792165575
        FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 [2017-10-19]
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF Homepage: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
        hxxps://www.malwarebytes.org/restorebrowser//?u=10b253f49536d7c82625e2601c9d32eb&c=1000_2&src=hp&inst=1471229042
        FF Keyword.URL: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
        FF Extension: (Bing Search) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\bing-.xml [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\google-.xml [2016-05-02]
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\new_plugin\npjp2.dll [No File]
        FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        Chrome: 
        =======
        CHR DefaultProfile: Profile 1
        CHR HomePage: Profile 1 -> msn.com
        CHR StartupUrls: Profile 1 -> "hxxp://www.google.com"
        CHR NewTab: Profile 1 ->  Active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
        CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-20]
        CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
        CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-07]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
        CHR Extension: (Dropbox for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-31]
        CHR Extension: (Email Game) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2015-07-19]
        CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-19]
        CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
        CHR Extension: (Dnevnik.bg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2015-07-19]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
        CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
        CHR Extension: (Facebook Invite All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-01-31]
        CHR Extension: (Download Master) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-01-31]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
        CHR Extension: (MultiHighlighter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn [2015-09-04]
        CHR Extension: (OokiCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2015-07-19]
        CHR Extension: (word highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooabkmkhabkahcjbgpiajffckeibpdoa [2015-07-19]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-06]
        CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
        CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
        CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-26]
        CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-06]
        CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
        CHR Extension: (FromDocToPDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-11-05]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
        CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]
        CHR Extension: (10b253f49536d7c82625e2601c9d32eb_2) - C:\Program Files (x86)\Google\Chrome\Application\10b253f49536d7c82625e2601c9d32eb_2 [2016-08-18]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
        S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-04-12] (Macrovision Europe Ltd.) [File not signed]
        R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
        R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
        R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
        R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
        R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-20] ()
        R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
        R1 MpKsl1dabfb16; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B742210-A60B-40E6-8C1C-30273624352C}\MpKsl1dabfb16.sys [58120 2017-11-06] (Microsoft Corporation)
        R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
        S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
        S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
        S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
        S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
        S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
        S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
        S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
        S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
        S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:32 - 2017-11-06 14:36 - 000022793 _____ C:\Users\User\Desktop\FRST.txt
        2017-11-06 14:32 - 2017-11-06 14:32 - 000000000 ____D C:\FRST
        2017-11-06 14:31 - 2017-11-06 14:31 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
        2017-10-29 13:08 - 2017-10-29 13:09 - 000000000 ____D C:\Users\User\AppData\Local\Viber
        2017-10-26 21:08 - 2017-10-26 21:08 - 000182233 _____ C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов.html
        2017-10-26 21:08 - 2017-10-26 21:08 - 000000000 ____D C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов_files
        2017-10-17 10:55 - 2017-10-17 10:55 - 000136163 _____ C:\Users\User\Desktop\Актуална цена за присъединяване.pdf
        2017-10-12 20:26 - 2017-10-12 20:26 - 000056320 _____ C:\Users\User\Desktop\Таксуване (1).xls
        2017-10-12 19:09 - 2017-10-12 19:09 - 000056320 _____ C:\Users\User\Desktop\Таксуване.xls
        2017-10-11 21:32 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
        2017-10-11 21:32 - 2017-09-07 23:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 23:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2017-10-11 21:32 - 2017-09-07 23:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 23:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2017-10-11 21:32 - 2017-09-07 23:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 23:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 23:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 23:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 23:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2017-10-11 21:32 - 2017-09-07 23:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-10-11 21:32 - 2017-09-07 22:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2017-10-11 21:32 - 2017-09-07 22:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 22:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 22:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 22:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 22:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2017-10-11 21:32 - 2017-09-07 22:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2017-10-11 21:32 - 2017-09-07 22:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 22:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 22:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2017-10-11 21:32 - 2017-09-07 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-10-11 21:32 - 2017-09-07 22:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 21:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 21:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-10-11 21:32 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 21:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 21:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
        2017-10-11 21:32 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
        2017-10-11 21:32 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
        2017-10-11 21:32 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 17:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
        2017-10-11 21:32 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
        2017-10-11 21:32 - 2017-09-07 16:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-10-11 21:32 - 2017-08-19 17:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 17:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
        2017-10-11 21:32 - 2017-08-14 19:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
        2017-10-11 21:32 - 2017-08-13 23:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:26 - 2015-06-24 14:51 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
        2017-11-06 14:26 - 2011-04-12 10:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
        2017-11-06 14:17 - 2011-05-26 17:50 - 000001004 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000UA.job
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:22 - 2009-07-14 07:13 - 000785786 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-11-06 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
        2017-11-06 13:20 - 2016-04-14 22:13 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
        2017-11-06 13:17 - 2016-03-27 23:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
        2017-11-06 13:17 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-11-05 18:17 - 2011-05-26 17:50 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000Core.job
        2017-11-05 10:53 - 2017-04-13 22:27 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-11-05 10:53 - 2011-04-12 10:46 - 000000000 ____D C:\ProgramData\Skype
        2017-11-05 10:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
        2017-10-31 11:15 - 2011-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
        2017-10-26 19:48 - 2017-07-25 10:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
        2017-10-25 19:32 - 2017-07-22 20:42 - 000000000 ____D C:\Users\User\AppData\Roaming\SoundTouch
        2017-10-25 19:32 - 2017-07-22 20:41 - 000000000 ____D C:\Program Files (x86)\SoundTouch
        2017-10-24 15:23 - 2013-01-16 17:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
        2017-10-19 09:39 - 2016-12-19 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2017-10-19 09:39 - 2016-12-05 20:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
        2017-10-12 17:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
        2017-10-12 16:22 - 2009-07-14 06:45 - 002338848 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-10-11 22:02 - 2011-04-12 11:16 - 000762140 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
        ==================== Files in the root of some directories =======
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 ____H () C:\Users\User\AppData\Local\BIT7DB1.tmp
        2011-11-10 16:05 - 2011-11-10 16:05 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 _____ () C:\Users\User\AppData\Local\{BE08E1F6-7B92-4E51-B565-F383E741847C}
        2011-07-28 14:34 - 2011-07-28 14:35 - 000000000 _____ () C:\Users\User\AppData\Local\{D390E0A7-E0A7-4120-9348-F90CD935A202}
        2011-04-12 12:27 - 2011-04-12 12:27 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
        2016-03-12 22:11 - 2016-03-12 22:11 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
        Some files in TEMP:
        ====================
        2017-09-10 14:36 - 2017-09-10 14:36 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe
        2017-09-10 14:36 - 2017-09-10 14:36 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe
        2017-08-05 17:18 - 2017-10-06 16:51 - 058881488 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-10-31 11:55
        ==================== End of FRST.txt ============================
         
        Thank you in advance for your assistance
         
        Addition.txt
      • by N1K17Y
        I downloaded suspicious torrents and I think my system is infected
         
        Addition.txt
      • by Wrath
        Good day! Today I noticed that someone else has been attempting to log in to all of my abv accounts. From the Netherlands, Algeria, Oman and so on. It is probably a fake IP address, but even so there is always something. The login attempts are unsuccessful, since there is no way they can guess my password, but I still got worried. I would be super grateful for a little help!
        Addition.txt
        FRST.txt