
Winvmx Client has infected my computer


  • This topic is locked
13 replies to this topic

#1 marksmith7


Posted 31 May 2018 - 03:03 PM

I can't get rid of it. I've tried all the programs listed on this link:

https://www.bleepingcomputer.com/virus-removal/remove-winvmx-client-and-vmxclient.exe-pup

None of them have worked. I accidentally allowed this to be installed on my computer as an add-on to a program I was trying to install. I ran FRST; here are the files.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\cwrguoksvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Paperclip\sus.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
() C:\Program Files (x86)\Paperclip\sus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Ann2\AppData\Local\sedxaiv\sedxaiv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Ann2\AppData\Local\sedxaiv\cgmhrpn.exe
() C:\Users\Ann2\AppData\Local\sedxaiv\cgmhrpn.exe
() C:\Users\Ann2\AppData\Local\sedxaiv\cgmhrpn.exe
() C:\Users\Ann2\AppData\Local\sedxaiv\cgmhrpn.exe
() C:\Users\Ann2\AppData\Local\sedxaiv\cgmhrpn.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] (Qualcomm®Atheros®)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [{91120000-0014-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-08-01]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6F9E917F-ADF5-4EA0-B2DA-DA5966BC9188}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E00F7EF9-FB49-4D49-9D02-2407B95D9A93}: [DhcpNameServer] 10.119.4.11 10.119.4.12 163.244.235.81

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2536185707-2510705283-2797590743-1000 -> DefaultScope {D5283731-15E6-417F-9EA8-60856E0619AD} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150206&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2536185707-2510705283-2797590743-1000 -> {1A65FA68-94C1-4F8A-A9C9-EFB47EE9B56F} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2536185707-2510705283-2797590743-1000 -> {D5283731-15E6-417F-9EA8-60856E0619AD} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150206&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2015-04-20] (Nuance Communications, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-06-14] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-12-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-06-14] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-04-20] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-11] (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292 [2018-05-31]
FF Extension: (Check4Change) - C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292\Extensions\check4change-owner@mozdev.org.xpi [2018-04-08]
FF Extension: (Dragon Web Extension) - C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292\Extensions\dgnria2@nuance.com.xpi [2017-09-12] [Legacy]
FF Extension: (Google NoTrack) - C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292\Extensions\googlenotrack@dirtylittlehelpers.com.xpi [2018-05-29]
FF Extension: (Adblock Plus) - C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-17]
FF Extension: (Greasemonkey) - C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-16]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Ann2\AppData\Roaming\Mozilla\Firefox\Profiles\ig66u2a2.default-1485622054292\features\{58a48546-7a0d-40dd-b0f4-291d516ced8a}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-24] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-06-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-06-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-04-20] (Nuance Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default [2018-05-31]
CHR Extension: (Slides) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-06]
CHR Extension: (YouTube) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-06]
CHR Extension: (uBlock Origin) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-26]
CHR Extension: (Tampermonkey) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-31]
CHR Extension: (Sheets) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Page Monitor) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2017-08-17]
CHR Extension: (Gmail) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ann2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\smlaekw <==== ATTENTION (Rootkit!)
"iTranslatorSvc" => service could not be unlocked. <==== ATTENTION

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-08] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2015-04-20] (Nuance Communications, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-12] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-20] (Atheros) [File not signed]
R2 postgresql-8.4; "c:\postgreSQL\bin\pg_ctl.exe" runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-05-31] ()
S4 hitmanpro37duringboot; C:\Windows\System32\drivers\hitmanpro37.sys [55232 2018-05-31] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-05-31] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-05-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-05-31] (Zemana Ltd.)
R3 eilorv; system32\drivers\lorvyb.sys [X]
U5 iTranslatorSvc;  <==== ATTENTION: Locked Service
R4 NetfilterSvc; \??\C:\Windows\iNetfilterSvc [X]
S4 phrkid; System32\drivers\avekplis.sys [X]
S3 wwzzzd; system32\drivers\qqtttw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-31 15:51 - 2018-05-31 15:52 - 000024614 _____ C:\Users\Ann2\Downloads\FRST.txt
2018-05-31 15:51 - 2018-05-31 15:51 - 002413056 _____ (Farbar) C:\Users\Ann2\Downloads\FRST64.exe
2018-05-31 15:51 - 2018-05-31 15:51 - 000000000 ____D C:\FRST
2018-05-31 15:36 - 2018-05-31 15:36 - 000000000 ____D C:\Users\Ann2\AppData\Local\wdbkuvx
2018-05-31 15:35 - 2018-05-31 15:35 - 000000000 ___RD C:\Users\Ann2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-05-31 14:57 - 2018-05-31 14:57 - 000142672 ____N C:\Windows\system32\Drivers\atmybehl.sys
2018-05-31 14:26 - 2018-05-31 14:26 - 000000000 ____D C:\Users\Ann2\AppData\Local\wdeazck
2018-05-31 14:24 - 2018-05-31 14:24 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-05-31 14:20 - 2018-05-31 14:20 - 000002104 _____ C:\Windows\system32\.crusader
2018-05-31 14:08 - 2018-05-31 14:19 - 000000000 ____D C:\ProgramData\HitmanPro
2018-05-31 14:07 - 2018-05-31 14:08 - 011609024 _____ (SurfRight B.V.) C:\Users\Ann2\Downloads\HitmanPro_x64.exe
2018-05-31 14:01 - 2018-05-31 14:01 - 000000000 ____D C:\Users\Ann2\AppData\Local\msswxlg
2018-05-31 13:52 - 2018-05-31 13:57 - 000000000 ____D C:\AdwCleaner
2018-05-31 13:51 - 2018-05-31 13:51 - 007271632 _____ (Malwarebytes) C:\Users\Ann2\Downloads\AdwCleaner.exe
2018-05-31 13:16 - 2018-05-31 14:04 - 000000449 _____ C:\Users\Ann2\Desktop\boobs.bat
2018-05-31 12:58 - 2018-05-31 12:58 - 000000000 _____ C:\Users\Ann2\Desktop\New Text Document.txt
2018-05-31 12:49 - 2018-05-31 12:49 - 000000000 ____D C:\Users\Ann2\AppData\Local\serakoh
2018-05-31 12:48 - 2018-05-31 15:49 - 000000001 _____ C:\n7z77vlg0tndtoe
2018-05-31 11:27 - 2018-05-31 11:27 - 000000000 ____D C:\Users\Ann2\AppData\Local\wmcagent
2018-05-31 11:24 - 2018-05-31 11:24 - 000000000 ____D C:\Users\Ann2\AppData\Local\nikxosz
2018-05-31 10:52 - 2018-05-31 10:52 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-31 10:52 - 2018-05-31 10:52 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-31 10:52 - 2018-05-31 10:52 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-31 10:52 - 2018-05-31 10:52 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-31 10:52 - 2018-05-31 10:52 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-31 10:52 - 2018-05-31 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-31 10:52 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-31 10:50 - 2018-05-31 10:50 - 074288784 _____ (Malwarebytes ) C:\Users\Ann2\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2018-05-31 10:44 - 2018-05-31 10:44 - 000000000 ____D C:\Users\Ann2\AppData\Local\coapnvs
2018-05-31 10:14 - 2018-05-31 10:14 - 000000000 ____D C:\ProgramData\dbg
2018-05-31 10:13 - 2018-05-31 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-05-31 10:12 - 2018-05-31 15:52 - 000159091 _____ C:\Windows\ZAM.krnl.trace
2018-05-31 10:12 - 2018-05-31 15:52 - 000061049 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-05-31 10:12 - 2018-05-31 10:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-05-31 10:12 - 2018-05-31 10:13 - 000001078 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-05-31 10:12 - 2018-05-31 10:12 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-05-31 10:12 - 2018-05-31 10:12 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-05-31 10:11 - 2018-05-31 10:11 - 000000000 ____D C:\Users\Ann2\AppData\Local\Zemana
2018-05-31 10:09 - 2018-05-31 10:09 - 005766464 _____ (Zemana Ltd. ) C:\Users\Ann2\Downloads\eXplorer.exe
2018-05-31 09:53 - 2018-05-31 09:55 - 000002132 _____ C:\Users\Ann2\Desktop\Rkill.txt
2018-05-31 09:38 - 2018-05-31 09:38 - 000000000 ____D C:\Users\Ann2\AppData\Local\wddksvl
2018-05-31 00:48 - 2018-05-31 00:48 - 000000000 ____D C:\Users\Ann2\AppData\Local\nvaizbh
2018-05-31 00:00 - 2018-05-31 10:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-31 00:00 - 2018-05-31 00:00 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2566D7D4.sys
2018-05-30 23:59 - 2018-05-31 00:44 - 000000000 ____D C:\Users\Ann2\Desktop\mbar
2018-05-30 23:59 - 2018-05-31 00:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-05-30 23:59 - 2018-05-30 23:59 - 014161479 _____ C:\Users\Ann2\Downloads\mbar-1.10.3.1001-nr.exe
2018-05-30 23:48 - 2018-05-30 23:48 - 000000000 ____D C:\Users\Ann2\AppData\Local\wekbcsv
2018-05-30 23:41 - 2018-05-30 23:41 - 046525608 _____ (Safer-Networking Ltd. ) C:\Users\Ann2\Downloads\spybot-2-4.exe
2018-05-30 23:33 - 2018-05-30 23:33 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ann2\Downloads\avg_antivirus_free_setup.exe
2018-05-30 23:19 - 2018-05-30 23:31 - 000000000 ____D C:\Users\Ann2\Downloads\Bitdefender Total Security 2017 v21.0.25.92 Final + Trial Reset
2018-05-30 21:16 - 2018-05-30 21:16 - 000000000 ____D C:\Users\Ann2\Downloads\tampermonkey-backup-chrome-2018-05-31T01-13-46.787Z
2018-05-30 21:13 - 2018-05-30 21:13 - 001911711 _____ C:\Users\Ann2\Downloads\tampermonkey-backup-chrome-2018-05-31T01-13-46.787Z.zip
2018-05-30 19:07 - 2018-05-30 19:08 - 075629776 _____ (Malwarebytes ) C:\Users\Ann2\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe
2018-05-30 17:33 - 2018-05-30 17:33 - 000000000 ____D C:\Users\Ann2\AppData\Local\rahospi
2018-05-30 16:38 - 2018-05-30 16:38 - 000000000 ____D C:\Users\Ann2\AppData\Local\cwdkvhr
2018-05-30 16:35 - 2010-11-20 23:23 - 000383786 __RSH C:\bootmgr
2018-05-30 15:57 - 2018-05-30 15:57 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-30 15:57 - 2018-05-30 15:57 - 000002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-30 15:56 - 2018-05-30 15:56 - 001130840 _____ (Google Inc.) C:\Users\Ann2\Downloads\ChromeSetup(1).exe
2018-05-30 15:56 - 2018-05-30 15:56 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-30 15:56 - 2018-05-30 15:56 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-30 15:50 - 2018-05-30 15:50 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-30 15:50 - 2018-05-30 15:50 - 000000926 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-05-30 15:50 - 2018-05-30 15:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-30 15:49 - 2018-05-30 15:50 - 000313584 _____ (Mozilla) C:\Users\Ann2\Downloads\Firefox Installer.exe
2018-05-30 13:53 - 2018-05-30 13:53 - 000000000 ____D C:\Users\Ann2\AppData\Local\racdslk
2018-05-30 13:17 - 2018-05-31 10:52 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 13:16 - 2018-05-30 13:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 13:07 - 2018-05-30 13:07 - 000000000 ____D C:\Users\Ann2\AppData\Local\weakusm
2018-05-30 12:57 - 2018-05-30 12:57 - 000020988 _____ C:\Users\Ann2\Desktop\ajj 530.txt
2018-05-30 12:56 - 2018-05-30 12:56 - 000040828 _____ C:\Users\Ann2\Desktop\may 30 cen.txt
2018-05-30 12:53 - 2018-05-31 15:52 - 000000000 ____D C:\Users\Ann2\AppData\Local\wdotluk
2018-05-30 12:53 - 2018-05-30 12:53 - 000000000 ____D C:\Users\Ann2\AppData\Local\mskhutr
2018-05-29 21:56 - 2018-05-31 15:51 - 000000000 ____D C:\Users\Ann2\AppData\Local\sedxaiv
2018-05-29 21:56 - 2018-05-31 15:33 - 000188928 _____ C:\Windows\system32\iTranslator.dll
2018-05-29 21:56 - 2018-05-30 12:58 - 000000000 ____D C:\Windows\SSL
2018-05-29 21:56 - 2018-05-29 21:56 - 000000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\iTranslator.lnk
2018-05-29 21:56 - 2018-05-29 21:56 - 000000000 ____D C:\Windows\nss
2018-05-29 21:56 - 2018-05-29 21:56 - 000000000 ____D C:\Users\Ann2\AppData\Local\tielkvp
2018-05-29 21:55 - 2018-05-31 15:33 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cwrguoksvc.exe
2018-05-29 21:55 - 2018-05-30 13:45 - 000000000 ____D C:\ProgramData\itranslator
2018-05-29 21:55 - 2018-05-29 21:55 - 003922440 _____ C:\Windows\iTranslator
2018-05-29 21:55 - 2018-05-29 21:55 - 000000000 ____D C:\Windows\SysWOW64\mbbtcos
2018-05-29 21:55 - 2018-05-29 21:55 - 000000000 ____D C:\Windows\system32\mbbtcos
2018-05-29 21:54 - 2018-05-29 21:54 - 000000000 ____D C:\Users\Ann2\AppData\Roaming\et
2018-05-29 21:53 - 2018-05-29 21:53 - 000003724 _____ C:\Windows\System32\Tasks\fallout
2018-05-29 21:52 - 2018-05-30 13:51 - 000000000 ___HD C:\Program Files (x86)\Sacks
2018-05-29 21:52 - 2018-05-30 13:51 - 000000000 ___HD C:\Program Files (x86)\bicker
2018-05-29 21:52 - 2018-05-30 13:51 - 000000000 ____D C:\Program Files (x86)\edit
2018-05-29 21:52 - 2018-05-30 13:51 - 000000000 ____D C:\Program Files (x86)\Bergin
2018-05-29 21:52 - 2018-05-30 13:51 - 000000000 ____D C:\Program Files (x86)\arranged
2018-05-29 21:52 - 2018-05-29 21:52 - 000003556 _____ C:\Windows\System32\Tasks\falloutfallout
2018-05-29 21:52 - 2018-05-29 21:52 - 000000012 _____ C:\Windows\b23800226
2018-05-29 21:52 - 2018-05-29 21:52 - 000000000 ____D C:\Users\Ann2\Documents\Chameleon files
2018-05-29 21:52 - 2018-05-29 21:52 - 000000000 ____D C:\ProgramData\Arkei-e591cd67-f005-4746-97ca-ace1dc7f62c6
2018-05-29 21:52 - 2018-05-29 21:52 - 000000000 ____D C:\Program Files (x86)\Paperclip
2018-05-29 21:45 - 2018-05-29 21:51 - 000000000 ____D C:\Users\Ann2\Downloads\iTunes 10.7.0.21 Windows 64-bit [Best Version to Date]
2018-05-29 07:09 - 2018-05-28 05:59 - 004279968 _____ (NeoSoft Tools ) C:\Users\Ann2\AppData\Roaming\ctask.exe
2018-05-27 13:51 - 2018-05-27 13:51 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-27 13:51 - 2018-05-27 13:51 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-05-27 13:50 - 2018-05-27 13:51 - 000000000 ____D C:\Program Files\Bonjour
2018-05-27 13:50 - 2018-05-27 13:51 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-05-26 23:06 - 2018-05-26 23:19 - 000000000 ____D C:\Users\Ann2\Downloads\[www.protorrent.co.uk] Criminal Minds Season 1
2018-05-24 22:23 - 2018-05-24 22:25 - 237863407 _____ C:\Users\Ann2\Downloads\the.handmaids.tale.s01e02.hdtv.x264-mtb.mkv
2018-05-24 22:09 - 2018-05-24 22:11 - 318349698 _____ C:\Users\Ann2\Downloads\the.handmaids.tale.s01e01.hdtv.x264-mtb.mkv
2018-05-23 21:54 - 2018-05-23 22:06 - 651813413 _____ C:\Users\Ann2\Downloads\ncis.los.angeles.92324.hdtv-lol.mkv
2018-05-21 20:31 - 2018-05-26 16:34 - 000000000 ____D C:\Users\Ann2\Downloads\The Chi Season 1 Complete 720p WEB x264 [i_c]
2018-05-21 19:59 - 2018-05-21 20:02 - 286524095 _____ C:\Users\Ann2\Downloads\Chicago.Fire.S06E21.HDTV.x264-SVA.mkv
2018-05-21 19:57 - 2018-05-21 20:02 - 577566870 _____ C:\Users\Ann2\Downloads\Chicago.Fire.S06E22-E23.HDTV.x264-KILLERS.mkv
2018-05-20 21:55 - 2018-05-20 21:59 - 549863978 _____ C:\Users\Ann2\Downloads\Saturday.Night.Live.S43E23.Tina.Fey.and.Nicki.Minaj.HDTV.x264-CRiMSON[N1C].mkv
2018-05-18 22:30 - 2018-05-18 22:35 - 258673356 _____ C:\Users\Ann2\Downloads\Brockmire.S01E08.XviD-AFG.avi
2018-05-18 22:30 - 2018-05-18 22:34 - 194999256 _____ C:\Users\Ann2\Downloads\Brockmire.S01E07.XviD-AFG.avi
2018-05-18 22:29 - 2018-05-18 22:35 - 239101378 _____ C:\Users\Ann2\Downloads\Brockmire.S01E04.XviD-AFG.avi
2018-05-18 22:29 - 2018-05-18 22:35 - 237349820 _____ C:\Users\Ann2\Downloads\Brockmire.S01E05.XviD-AFG.avi
2018-05-18 22:29 - 2018-05-18 22:34 - 245459702 _____ C:\Users\Ann2\Downloads\Brockmire.S01E03.XviD-AFG.avi
2018-05-18 22:29 - 2018-05-18 22:34 - 198905882 _____ C:\Users\Ann2\Downloads\Brockmire.S01E06.XviD-AFG.avi
2018-05-18 22:29 - 2018-05-18 22:33 - 215284450 _____ C:\Users\Ann2\Downloads\Brockmire.S01E01.Rally.Cap.XviD-AFG.avi
2018-05-18 22:29 - 2018-05-18 22:33 - 182037400 _____ C:\Users\Ann2\Downloads\Brockmire.S01E02.XviD-AFG.avi
2018-05-17 18:12 - 2018-05-17 18:16 - 299272923 _____ C:\Users\Ann2\Downloads\Suits.S07E16.HDTV.x264-SVA.mkv
2018-05-17 18:11 - 2018-05-17 18:15 - 229610527 _____ C:\Users\Ann2\Downloads\Suits.S07E14.HDTV.x264-SVA.mkv
2018-05-17 18:11 - 2018-05-17 18:15 - 225503897 _____ C:\Users\Ann2\Downloads\Suits.S07E12.HDTV.x264-SVA.mkv
2018-05-17 18:11 - 2018-05-17 18:15 - 205450772 _____ C:\Users\Ann2\Downloads\Suits.S07E13.HDTV.x264-SVA.mkv
2018-05-17 18:11 - 2018-05-17 18:14 - 206724860 _____ C:\Users\Ann2\Downloads\Suits.S07E11.HDTV.x264-SVA.mkv
2018-05-17 18:11 - 2018-05-17 18:14 - 203920580 _____ C:\Users\Ann2\Downloads\Suits.S07E15.HDTV.x264-SVA.mkv
2018-05-17 07:43 - 2018-05-21 17:39 - 000012259 _____ C:\Users\Ann2\Documents\Fitness.xlsx
2018-05-16 19:18 - 2018-05-16 19:20 - 214269508 _____ C:\Users\Ann2\Downloads\Chicago.Med.S03E20.HDTV.x264-SVA.mkv
2018-05-15 19:47 - 2018-05-15 19:50 - 442161728 _____ C:\Users\Ann2\Downloads\NCIS.Los.Angeles.S09E21.WEBRip.x264-ION10.mp4
2018-05-15 19:47 - 2018-05-15 19:49 - 323239673 _____ C:\Users\Ann2\Downloads\ncis.los.angeles.922.hdtv-lol.mkv
2018-05-15 18:58 - 2018-05-15 19:01 - 364647877 _____ C:\Users\Ann2\Downloads\ncis.los.angeles.920.hdtv-lol.mkv
2018-05-14 21:27 - 2018-05-14 21:32 - 671739369 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E08.Fifty-One.Percent.720p.AMZN.WEB-DL.DDP5.1.H.264-NTb[N1C].mkv
2018-05-14 20:55 - 2018-05-14 20:57 - 216559054 _____ C:\Users\Ann2\Downloads\Last.Week.Tonight.With.John.Oliver.S05E11.HDTV.x264-UAV.mkv
2018-05-14 18:19 - 2018-05-14 18:21 - 271188572 _____ C:\Users\Ann2\Downloads\The.Daily.Show.2018.05.08.Jon.Meacham.EXTENDED.WEB.x264-CAFFEiNE.mkv
2018-05-13 00:12 - 2018-05-13 00:15 - 191888122 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E06.WEB.H264-DEFLATE.mkv
2018-05-13 00:12 - 2018-05-13 00:14 - 173333037 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E07.WEB.H264-DEFLATE.mkv
2018-05-13 00:11 - 2018-05-13 00:23 - 444548260 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E04.REPACK.720p.WEB.H264-DEFLATE.mkv
2018-05-13 00:11 - 2018-05-13 00:14 - 172171595 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E03.WEB.H264-DEFLATE.mkv
2018-05-13 00:11 - 2018-05-13 00:14 - 171881383 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E05.WEB.H264-DEFLATE.mkv
2018-05-13 00:11 - 2018-05-13 00:13 - 157837514 _____ C:\Users\Ann2\Downloads\Silicon.Valley.S05E02.WEB.H264-DEFLATE.mkv
2018-05-10 21:27 - 2018-05-10 21:31 - 228065701 _____ C:\Users\Ann2\Downloads\Chicago.Med.S03E19.HDTV.x264-KILLERS.mkv
2018-05-10 21:27 - 2018-05-10 21:29 - 244036391 _____ C:\Users\Ann2\Downloads\Chicago.PD.S05E22.HDTV.x264-KILLERS.mkv
2018-05-09 18:46 - 2018-05-09 18:51 - 679492232 _____ C:\Users\Ann2\Downloads\silicon.valley.s05e01.720p.web.h264-tbs.mkv
2018-05-09 00:07 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 00:07 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 00:07 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 00:07 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 00:07 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 00:07 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 00:07 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 00:07 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 00:07 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 00:07 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 00:07 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 00:07 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 00:07 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 00:07 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 00:07 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 00:07 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 00:07 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 00:07 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 00:07 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 00:07 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 00:07 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 00:07 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 00:07 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 00:07 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 00:07 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 00:07 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 00:07 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 00:07 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 00:07 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 00:07 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 00:07 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 00:07 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 00:07 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 00:07 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 00:07 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 00:07 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 00:07 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 00:07 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 00:07 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 00:07 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 00:07 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 00:07 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 00:07 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 00:07 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 00:07 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 00:07 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 00:07 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 00:07 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 00:07 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 00:07 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 00:07 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 00:07 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 00:07 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 00:07 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 00:07 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 00:07 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 00:07 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 00:07 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 00:07 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 00:07 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 00:07 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 00:07 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 00:07 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 00:07 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 00:07 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 00:07 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 00:07 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 00:07 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 00:07 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 00:07 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 00:07 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 00:07 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 00:07 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 00:07 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 00:07 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 00:07 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 00:07 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 00:07 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 00:07 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 00:07 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 00:07 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 00:07 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 00:07 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 00:07 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 00:07 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 00:07 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 00:07 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 00:07 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 00:07 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 00:07 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 00:07 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 00:07 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 00:07 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 00:07 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 00:07 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 00:07 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 00:07 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 00:07 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 00:07 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 00:07 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 00:07 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 00:07 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 00:07 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 00:07 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 00:07 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 00:07 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 00:07 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 00:07 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 00:07 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 00:07 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 00:07 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 00:07 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 00:07 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 00:07 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 00:07 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 00:07 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 00:07 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 00:07 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 00:07 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 00:07 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 00:07 - 2018-03-18 18:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 00:07 - 2018-03-18 18:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 00:07 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 00:07 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 00:07 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 00:07 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 00:07 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 00:07 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 00:07 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 00:07 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 00:07 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 00:07 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 00:07 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 00:07 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 00:07 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 00:07 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 00:07 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 00:07 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-08 12:10 - 2018-05-08 12:11 - 232390207 _____ C:\Users\Ann2\Downloads\Last.Week.Tonight.With.John.Oliver.S05E10.HDTV.x264-UAV.mkv
2018-05-07 10:28 - 2018-05-07 10:32 - 546374863 _____ C:\Users\Ann2\Downloads\EverythingButt.18.05.04.Ariel.X.And.Maya.Kendrick.XXX.SD.MP4-KLEENEX.mp4
2018-05-06 20:41 - 2018-05-06 20:52 - 1384511707 _____ C:\Users\Ann2\Downloads\saturday.night.live.s43e21.720p.web.x264-tbs[ettv].mkv
2018-05-03 18:39 - 2018-05-03 18:41 - 249890785 _____ C:\Users\Ann2\Downloads\Chicago.PD.S05E21.HDTV.x264-KILLERS.mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-31 15:52 - 2009-07-13 22:34 - 020447232 _____ C:\Windows\system32\config\HARDWARE
2018-05-31 15:45 - 2009-07-14 00:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-31 15:45 - 2009-07-14 00:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-31 15:43 - 2014-05-12 00:54 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-05-31 15:35 - 2016-11-18 18:55 - 000000000 ____D C:\Users\Ann2\AppData\LocalLow\Mozilla
2018-05-31 15:33 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-31 14:25 - 2017-01-25 20:12 - 000000000 ____D C:\Users\postgres.Ann2-PC
2018-05-31 14:19 - 2018-04-04 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2018-05-31 14:19 - 2018-04-04 11:44 - 000000000 ____D C:\Program Files\KMSpico
2018-05-31 12:55 - 2009-07-14 01:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-31 12:55 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-31 10:40 - 2017-09-12 15:44 - 000000000 ____D C:\Users\Ann2\Downloads\Nuance Dragon NaturallySpeaking 13.00.000.525 Premium-[FirstUploads]
2018-05-31 10:14 - 2014-07-23 16:14 - 000000000 ____D C:\Users\Ann2
2018-05-31 00:46 - 2009-07-14 01:08 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-30 23:44 - 2016-05-30 15:07 - 000000000 ____D C:\Users\Ann2\AppData\Roaming\qBittorrent
2018-05-30 16:45 - 2009-07-14 01:32 - 000032768 _____ C:\Windows\system32\config\BCD-Template
2018-05-30 15:56 - 2016-12-06 16:55 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-30 15:50 - 2017-01-28 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-30 15:49 - 2017-08-25 19:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-30 13:17 - 2015-03-21 13:32 - 000000000 ____D C:\Users\Ann2\AppData\Local\CrashDumps
2018-05-29 11:54 - 2016-05-30 16:12 - 000000000 ____D C:\ProgramData\TEMP
2018-05-29 11:39 - 2016-05-30 16:16 - 000001395 _____ C:\Users\Ann2\AppData\Roaming\SAS7_000.DAT
2018-05-29 07:43 - 2016-05-29 20:03 - 000000000 ____D C:\Users\Ann2\AppData\Roaming\vlc
2018-05-27 13:51 - 2015-05-22 19:09 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-05-27 13:50 - 2015-05-22 19:09 - 000000000 ____D C:\ProgramData\Apple
2018-05-25 14:53 - 2016-05-29 21:59 - 000000000 ____D C:\Users\Ann2\Desktop\Mark Smith
2018-05-25 10:32 - 2016-05-29 18:10 - 000000000 ____D C:\Users\Ann2\Desktop\ahk
2018-05-24 13:57 - 2016-08-10 00:37 - 000000000 ____D C:\AmericasCardroom
2018-05-24 13:57 - 2016-08-10 00:23 - 000000000 ____D C:\Users\Ann2\AppData\Roaming\HoldemManager
2018-05-11 23:07 - 2011-02-10 12:10 - 000775728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-10 14:43 - 2017-11-16 18:07 - 000000000 ____D C:\Program Files (x86)\Holdem Manager 2
2018-05-09 04:02 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-05-09 03:24 - 2009-07-14 00:45 - 000456496 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-09 03:04 - 2014-11-29 11:58 - 000000000 ____D C:\Windows\system32\MRT
2018-05-09 03:01 - 2017-10-10 22:19 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-09 03:00 - 2014-11-29 11:58 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2018-05-29 07:09 - 2018-05-28 05:59 - 004279968 _____ (NeoSoft Tools                                               ) C:\Users\Ann2\AppData\Roaming\ctask.exe
2016-05-30 16:16 - 2018-05-29 11:39 - 000001395 _____ () C:\Users\Ann2\AppData\Roaming\SAS7_000.DAT
2016-10-31 14:50 - 2016-10-31 14:50 - 000007597 _____ () C:\Users\Ann2\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-10-02 15:59 - 2017-10-02 15:59 - 000290304 _____ (Microsoft Corporation) C:\Users\Ann2\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2014-07-24 18:40 - 2014-07-24 18:40 - 019178160 _____ (Adobe Systems Incorporated) C:\Users\Ann2\AppData\Local\Temp\fp_pl_pfs_installer.exe
2016-03-23 22:27 - 2016-03-23 22:27 - 000736320 _____ (Oracle Corporation) C:\Users\Ann2\AppData\Local\Temp\jre-8u77-windows-au.exe
2015-06-04 06:45 - 2015-06-04 06:45 - 000119312 _____ (McAfee, Inc.) C:\Users\Ann2\AppData\Local\Temp\McCSPInstall.dll
2017-05-29 13:30 - 2015-06-04 06:45 - 000161528 _____ (McAfee Inc.) C:\Users\Ann2\AppData\Local\Temp\mccspuninstall.exe
2010-07-23 05:47 - 2010-07-23 05:47 - 000868752 _____ (CANON INC.) C:\Users\Ann2\AppData\Local\Temp\MSETUP4.EXE
2016-05-29 18:10 - 2016-05-29 18:10 - 004211112 _____ () C:\Users\Ann2\AppData\Local\Temp\npp.6.9.2.Installer.exe
2017-08-21 09:05 - 2017-08-21 09:05 - 000000000 _____ () C:\Users\Ann2\AppData\Local\Temp\npp.7.4.2.Installer.exe
2006-10-28 01:28 - 2006-10-28 01:28 - 000145184 ____R (Microsoft Corporation) C:\Users\Ann2\AppData\Local\Temp\ose00000.exe
2018-05-29 18:27 - 2018-05-29 18:27 - 013133460 _____ () C:\Users\Ann2\AppData\Local\Temp\setup.dll
2017-09-02 13:48 - 2017-09-02 13:49 - 014456872 _____ (Microsoft Corporation) C:\Users\Ann2\AppData\Local\Temp\vc_redist.x86.exe
2015-08-02 19:58 - 2015-08-02 19:58 - 000118784 _____ () C:\Users\Ann2\AppData\Local\Temp\xmlUpdater.exe
2015-12-11 18:43 - 2015-12-11 18:43 - 000833504 _____ (Yahoo! Inc.) C:\Users\Ann2\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\atmybehl.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-05-28 00:34

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Ann2 (31-05-2018 15:52:50)
Running from C:\Users\Ann2\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-23 20:14:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2536185707-2510705283-2797590743-500 - Administrator - Disabled)
Guest (S-1-5-21-2536185707-2510705283-2797590743-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2536185707-2510705283-2797590743-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\...\Brave) (Version: 0.13.4 - Brave Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
DDS Converter 2.1 (HKLM-x32\...\DDS Converter 2.1) (Version:  - )
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Node.js (HKLM\...\{4219DF19-09C9-47A4-88C0-49778E491E54}) (Version: 8.9.4 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
SciTE4AutoHotkey v3.0.06.01 (HKLM-x32\...\SciTE4AutoHotkey) (Version: v3.0.06.01 - fincs)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2536185707-2510705283-2797590743-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Ann2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-05-31] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2013-07-02] (Qualcomm®Atheros®)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2013-07-02] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-22] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-05-31] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BB97849-65CD-4604-8893-186E733E3C90} - System32\Tasks\{6DED5589-8699-4591-BC66-26D5F1647829} => C:\AmericasCardroom\AmericasCardroom.exe [2018-05-10] (IGSoft Ltd.)
Task: {1A8A95D5-F0B0-44E3-9B15-0CA7017A36FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-30] (Google Inc.)
Task: {24DB2372-C9BA-4C71-B8EB-7DEDAE902BCC} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {5A3BCBD8-557A-4634-A44C-B6A0AAC3B4F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {77738776-7BD2-47DC-B0D5-AE4DD2AB4CF0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {8105A200-B753-4254-A228-8E10B917536E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-08] (Microsoft Corporation)
Task: {984BFA06-EC20-4575-B400-71AE96693A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-30] (Google Inc.)
Task: {BE847E9D-640C-4920-9E0C-5375291362CD} - System32\Tasks\falloutfallout => C:\Program Files (x86)\Paperclip\sus.exe [2018-05-29] ()
Task: {D0C22FB0-31E8-411E-9AC5-404327F18145} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {EBA34382-3BC6-44B8-8C63-0930782FC2B6} - System32\Tasks\fallout => C:\Program Files (x86)\Paperclip\sus.exe [2018-05-29] ()
Task: {F81F307F-29DC-45FF-ADDA-7BDBFFD91CFD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {F9939C99-3F97-43A5-AC9A-AE7F800B4174} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-29 21:56 - 2018-05-31 15:33 - 000188928 _____ () C:\Windows\System32\iTranslator.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-23 08:06 - 2017-12-19 06:05 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-05-12 00:54 - 2013-08-18 21:21 - 000020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-05-12 00:54 - 2013-08-18 21:21 - 000019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2018-05-29 19:24 - 2018-05-29 19:24 - 000078268 _____ () C:\Program Files (x86)\Paperclip\sus.exe
2013-07-02 10:51 - 2013-07-02 10:51 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-05-12 00:54 - 2013-11-21 05:22 - 000484880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2017-01-25 20:11 - 2014-07-22 05:00 - 000172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2017-01-25 20:11 - 2012-08-14 09:19 - 000999424 _____ () c:\postgreSQL\bin\libxml2.dll
2014-05-12 00:41 - 2013-12-09 18:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-12 00:54 - 2013-11-21 03:00 - 001904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-05-12 00:54 - 2012-11-25 10:20 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-05-12 00:54 - 2012-11-25 10:20 - 000117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [147]
AlternateDataStreams: C:\Users\Ann2\Desktop\ahk:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Ann2\Desktop\Mark Smith:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Ann2\Desktop\music:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-05-31 10:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2536185707-2510705283-2797590743-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ann2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EADFFE4A-5E79-405E-A9C5-98CA4D9D0690}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{44E14560-7838-4453-987D-73EF036F581B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8A98D5D4-639D-48AC-BF31-38AE09D2ABE2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{F3602031-FF8C-4D2C-A07C-885D34A2008B}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{F5B1F4BA-BFB9-4912-A42C-9F7D433F9A81}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{10C5B5B4-77BF-40D7-B811-2285EE1ABA7A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ivory Tower\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{E1CE4412-84FA-4F65-9697-BB40DB35596B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ivory Tower\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [TCP Query User{3C362E4C-DDFC-4544-9161-6824F17AD0A8}C:\users\ann2\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\ann2\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B4E2BD72-A8BF-4D02-95A0-5638B0699A09}C:\users\ann2\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\ann2\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C6DCD334-A850-4F5C-8A38-F7F9DCA1A6B8}] => (Allow) C:\Users\Ann2\AppData\Local\Temp\nsz3449.tmp\Installer-75221696.exe
FirewallRules: [{0B37CD49-FDCB-48BD-865D-9CF272553C23}] => (Allow) C:\Users\Ann2\AppData\Local\Temp\nsz3449.tmp\Installer-75221696.exe
FirewallRules: [TCP Query User{462E2B1F-FE1E-4DB4-A6A0-E380E813A35F}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{02606F6B-E770-46B1-B736-448743F1D881}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{D19824FF-5813-48D8-9132-38EEDFFE9E59}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{721DC773-7311-446D-9A07-3AEC8FDADBBE}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{C474F7B4-1E22-4D90-87EC-935FE54D7E55}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{DF96C23A-3E42-44F9-BB3F-5C28C0953EBB}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{0A1EBD25-F0C4-4760-83D5-B12BD7F06EFC}C:\users\ann2\appdata\local\temp\rar$exa0.475\files\bin\kmss.exe] => (Allow) C:\users\ann2\appdata\local\temp\rar$exa0.475\files\bin\kmss.exe
FirewallRules: [UDP Query User{AE4EFE19-03CE-426C-90CE-5B7DB243B7DF}C:\users\ann2\appdata\local\temp\rar$exa0.475\files\bin\kmss.exe] => (Allow) C:\users\ann2\appdata\local\temp\rar$exa0.475\files\bin\kmss.exe
FirewallRules: [{457F1114-3273-418E-978D-7EB28E6F6344}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{0A0B94DE-CD44-4B58-AEDF-CD8CC9555B1C}C:\windows\files\bin\kmss.exe] => (Block) C:\windows\files\bin\kmss.exe
FirewallRules: [UDP Query User{B40EBE03-9FC1-4976-89F5-06DC904FF4B3}C:\windows\files\bin\kmss.exe] => (Block) C:\windows\files\bin\kmss.exe
FirewallRules: [{E1C36A77-BA64-4713-915F-80E12DE8AD53}] => (Allow) LPort=5432
FirewallRules: [{DA2699A1-30A5-4CF3-B506-888358730F78}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D142E8DC-7CBF-4EF2-AC52-2E38C1522FB7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{5975BCCA-C710-43BB-8863-9D41657DCA06}C:\program files\java\jdk1.8.0_92\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_92\bin\jmc.exe
FirewallRules: [UDP Query User{C8395C00-52AC-469A-B210-5783094B33A2}C:\program files\java\jdk1.8.0_92\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_92\bin\jmc.exe
FirewallRules: [TCP Query User{652F9D13-87A5-4C91-B442-92976172CD24}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B7679519-B1C1-4F76-B6E4-3C2221AB00C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3C07F1B4-3841-40F7-914B-00ADC0278E0B}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{5FD0DAE0-0A11-4D28-BA74-C2DAC9E626DE}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{617BF86B-55EE-40CB-979A-6C419F590B1C}] => (Allow) LPort=51001
FirewallRules: [{D83D1354-FBF0-4D35-A2ED-56C54EA8E1B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{00D7E1BA-6C2F-4727-8E1C-A26E551A5D8E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{612FD5F5-B65D-4575-A3F4-6642729DDB57}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{72956E86-F5E1-4AB4-A4AF-7907BF484BBF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{39FCDD7B-F9C6-40A1-918D-B4D77AEF0815}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8D3B2903-3E13-4CD8-B9E5-6477CB705E30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E8EDEF84-727D-49C1-A0F3-69F9165A4CD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E796E16E-793F-4398-97AA-3CA742CF928C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E2A6422-F76F-48C6-9FD7-282A7CD55697}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA48A009-6FD1-487C-9C3B-0817D4296866}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0681FE6E-1310-414A-A25E-E4FD25613F25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{764A2EDC-AF06-48A4-A16E-4AE23207E49A}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{71016A66-F317-46CF-9B19-D01DBF97ED82}] => (Allow) C:\Program Files (x86)\Bergin\Yoh.exe
FirewallRules: [{34352FB7-5B67-4C41-8B3D-A2349DB80938}] => (Allow) C:\Program Files (x86)\Sacks\Yoh.exe
FirewallRules: [{630B9832-2674-4865-B635-0321FA393A73}] => (Allow) C:\Program Files (x86)\arranged\Pergola.exe
FirewallRules: [{7921DD4C-72DF-4BFF-B8F7-444F3BB5B997}] => (Allow) C:\Program Files (x86)\Sacks\Pergola.exe
FirewallRules: [{C4DD70B2-CD60-4D5E-8237-9A0E8DCB6169}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{310CD574-41DA-441D-BB11-2A2CB518C8B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{672F7E0B-CB21-4E0A-984D-DAEDF289F5BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

31-05-2018 14:19:01 Checkpoint by HitmanPro
31-05-2018 14:19:32 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2018 03:35:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2018 02:26:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2018 02:25:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-05-31 14:25:14 EDTFATAL:  the database system is starting up

Error: (05/31/2018 02:25:13 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-05-31 14:25:13 EDTFATAL:  the database system is starting up

Error: (05/31/2018 02:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2018 02:00:27 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-05-31 14:00:27 EDTFATAL:  the database system is starting up

Error: (05/31/2018 12:50:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2018 12:48:59 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-05-31 12:48:59 EDTFATAL:  the database system is starting up


System errors:
=============
Error: (05/31/2018 03:37:31 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6F9E917F-ADF5-4EA0-B2DA-DA5966BC9188}.
The backup browser is stopping.

Error: (05/31/2018 03:37:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/31/2018 03:37:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

Error: (05/31/2018 02:30:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.8 Crusader (Boot) service terminated with service-specific error The operation completed successfully.
.

Error: (05/31/2018 02:28:53 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6F9E917F-ADF5-4EA0-B2DA-DA5966BC9188}.
The backup browser is stopping.

Error: (05/31/2018 02:28:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/31/2018 02:28:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

Error: (05/31/2018 02:26:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Windows Defender:
===================================
Date: 2018-05-29 21:49:28.813
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload&threatid=17567
Name:TrojanDownloader:Win32/Adload
ID:17567
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\Ann2\Downloads\iTunes 10.7.0.21 Windows 64-bit [Best Version to Date]\iTunes 10.7.0.21 Windows 64-bit [Best Version to Date].exe;process:pid:7016
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2018-05-29 21:49:14.014
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload&threatid=17567
Name:TrojanDownloader:Win32/Adload
ID:17567
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\Ann2\Downloads\iTunes 10.7.0.21 Windows 64-bit [Best Version to Date]\iTunes 10.7.0.21 Windows 64-bit [Best Version to Date].exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3240 @ 3.10GHz
Percentage of memory in use: 76%
Total physical RAM: 4012.95 MB
Available physical RAM: 931.9 MB
Total Virtual: 8024.06 MB
Available Virtual: 4044.64 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:441.5 GB) (Free:129.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{097e9444-da0c-11e3-9fef-806e6f6e6963}\ () (Fixed) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 245BD617)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=441.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thank you for your help. 


Edited by JSntgRvr, 01 June 2018 - 03:29 PM.
Removed Profile at the user's request



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:05 AM

Posted 31 May 2018 - 07:55 PM

Welcome.
 
You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file (Fixlist.txt) and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
    • Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
    • After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.
    • On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 marksmith7

marksmith7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 31 May 2018 - 08:56 PM

edited


Edited by marksmith7, 01 June 2018 - 03:11 PM.


#4 marksmith7

marksmith7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 31 May 2018 - 08:58 PM

Edited


Edited by marksmith7, 01 June 2018 - 03:08 PM.


#5 marksmith7

marksmith7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 31 May 2018 - 09:07 PM

It looks like that may have fixed it, but I am not certain. On Windows Task Manager it was showing two instances of client that I could not close out before, but now they are gone. In the processes tab it is still showing sus.exe and I am not sure what that is. Also my Firefox browser is still really slow to start up. Is there any way you can tell from the log files if it's fixed? Should I run Malwarebytes again?



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:05 AM

Posted 01 June 2018 - 07:52 AM

Nice logs.
  • Highlight the entire content of the quote box below.

Start::  
C:\Windows\b23800226
C:\ProgramData\itranslator
C:\Windows\iTranslator
2018-05-29 21:55 - 2018-05-29 21:55 - 000000000 ____D C:\Windows\SysWOW64\mbbtcos
2018-05-29 21:55 - 2018-05-29 21:55 - 000000000 ____D C:\Windows\system32\mbbtcos
2018-05-29 21:54 - 2018-05-29 21:54 - 000000000 ____D C:\Users\Ann2\AppData\Roaming\et
2018-05-29 21:53 - 2018-05-29 21:53 - 000003724 _____ C:\Windows\System32\Tasks\fallout
C:\Windows\System32\Tasks\falloutfallout
R2 postgresql-8.4; "c:\postgreSQL\bin\pg_ctl.exe" runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X] <==== ATTENTION
R4 NetfilterSvc; \??\C:\Windows\iNetfilterSvc [X]
S4 phrkid; System32\drivers\avekplis.sys [X]
U0 smlaekw; system32\drivers\atmuxaeh.sys [X]
S3 wwzzzd; system32\drivers\qqtttw.sys [X]
FirewallRules: [{457F1114-3273-418E-978D-7EB28E6F6344}] => (Allow) LPort=51001
FirewallRules: [{E1C36A77-BA64-4713-915F-80E12DE8AD53}] => (Allow) LPort=5432
FirewallRules: [{617BF86B-55EE-40CB-979A-6C419F590B1C}] => (Allow) LPort=51001
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Users\Ann2\AppData\Local\wdbkuvx
2018-05-31 10:26 - 2018-05-31 10:26 - 000000000 ____D C:\Users\Ann2\AppData\Local\wdeazck
C:\Users\Ann2\AppData\Local\wmcagent
2018-05-31 07:24 - 2018-05-31 07:24 - 000000000 ____D C:\Users\Ann2\AppData\Local\nikxosz
C:\Program Files (x86)\Paperclip
Task: {EBA34382-3BC6-44B8-8C63-0930782FC2B6} - System32\Tasks\fallout => C:\Program Files (x86)\Paperclip\sus.exe [2018-05-29] ()
Task: {BE847E9D-640C-4920-9E0C-5375291362CD} - System32\Tasks\falloutfallout => C:\Program Files (x86)\Paperclip\sus.exe [2018-05-29] ()
C:\Program Files (x86)\Paperclip
C:\n7z77vlg0tndtoe
C:\Users\Ann2\AppData\Local\msswxlg
Unlock: HKLM\System\CurrentControl\Services\iTranslatorSvc
reg: reg delete HKLM\System\CurrentControl\Services\iTranslatorSvc
R2 postgresql-8.4; "c:\postgreSQL\bin\pg_ctl.exe" runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X] <==== ATTENTION
U5 iTranslatorSvc;  <==== ATTENTION: Locked Service
Task: {24DB2372-C9BA-4C71-B8EB-7DEDAE902BCC} - \AutoPico Daily Restart -> No File <==== ATTENTION
C:\Users\Ann2\AppData\Local\iamougb
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
Task: {24DB2372-C9BA-4C71-B8EB-7DEDAE902BCC} - \AutoPico Daily Restart -> No File <==== ATTENTION
2018-05-31 16:41 - 2018-05-31 16:41 - 000000000 ____D C:\Users\Ann2\AppData\Local\iamougb
FirewallRules: [{C6DCD334-A850-4F5C-8A38-F7F9DCA1A6B8}] => (Allow) C:\Users\Ann2\AppData\Local\Temp\nsz3449.tmp\Installer-75221696.exe
C:\Users\Ann2\AppData\Local\Temp\nsz3449.tmp\Installer-75221696.exe
2018-05-30 23:33 - 2018-05-30 23:33 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ann2\Downloads\avg_antivirus_free_setup.exe
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
 
RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log
  • Copy/pasted Fixlog.txt log

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 marksmith7

marksmith7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 01 June 2018 - 09:33 AM

Edited


Edited by marksmith7, 01 June 2018 - 03:08 PM.


#8 marksmith7

marksmith7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 01 June 2018 - 09:35 AM

Sus.exe is no longer running in task manager.  Do you think all the malware is gone? 



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:05 AM

Posted 01 June 2018 - 03:01 PM

That is what it seems, congratulations.

Use this application to remove quarantined items:

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Since there are no signs of infection anymore, I guess we're done here.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 marksmith7

marksmith7
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 01 June 2018 - 03:15 PM

That is what it seems, congratulations.

Use this application to remove quarantined items:

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Since there are no signs of infection anymore, I guess we're done here.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)

 

Thank you for your help (paypal sent). Is there any way I can edit the original post? I'm not comfortable leaving the logs up there publicly.



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 June 2018 - 03:30 PM

Removed profiles. Will that be OK?




#12 marksmith7


Posted 01 June 2018 - 03:34 PM

Removed profiles. Will that be OK?

That works.  Thanks again for all your help. 



#13 JSntgRvr


Posted 01 June 2018 - 03:36 PM

You are welcome. :)




#14 JSntgRvr


Posted 01 June 2018 - 03:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





