Премини към съдържанието

v3cko

Потребител
  • Публикации

    56
  • Регистрация

Харесвания

5 Неутрална репутация

Всичко за v3cko

  • Титла
    Редовен потребител
  • Рожден ден 14.07.1977

Информация

  • Пол
    Мъж
  • Град
    Троян

Последни посетители

975 прегледа на профила
  1. v3cko

    Поддръжка в Уин 8.1

    При мен продължава вече 5-ти ден, не съм изключвал лаптопа като се надявах да си свърши работата и да спре.
  2. v3cko

    Поддръжка в Уин 8.1

    Здравейте , от 4 дена ми върви работа по поддръжката (прилагам снимки)- един път ги спрях и един път рестартирах лаптопа но след около два часа пак започна .Въпроса ми е защо продължава вече 4 дена?
  3. Благодаря , приятна и на вас
  4. Програмата зависна за около 30 мин. и след това изписа програмата не отговаря и се наложи да я стартирам наново # Run at 3.3.2020 'г.' 19:46:43 # KpRm (Kernel-panik) version 2.8 # Website https://kernel-panik.me/tool/kprm/ # Run by ВЕСКО from C:\Users\ВЕСКО\Downloads # Computer Name: PAPA # OS: Windows 8.1 X64 (9600) # Number of passes: 2 - Checked options - ~ Registry Backup ~ Delete Tools ~ Restore System Settings ~ UAC Restore ~ Delete Restore Points ~ Create Restore Point ~ Delete Quarantines - Create Registry Backup - ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up [OK] Registry Backup: C:\KPRM\backup\2020-03-03-19-46-43 - Delete Tools - ## ESET Online Scanner [OK] C:\Users\ВЕСКО\AppData\Local\ESET\ESETOnlineScanner deleted ## FRST [OK] C:\FRST deleted - Restore System Settings - [OK] Reset WinSock [OK] FLUSHDNS [OK] Hide Hidden file. [OK] Show Extensions for known file types [OK] Hide protected operating system files - Restore UAC - [OK] Set EnableLUA with default (1) value [OK] Set ConsentPromptBehaviorAdmin with default (5) value [OK] Set ConsentPromptBehaviorUser with default (3) value [OK] Set EnableInstallerDetection with default (0) value [OK] Set EnableSecureUIAPaths with default (1) value [OK] Set EnableUIADesktopToggle with default (0) value [OK] Set EnableVirtualization with default (1) value [OK] Set FilterAdministratorToken with default (0) value [OK] Set PromptOnSecureDesktop with default (1) value [OK] Set ValidateAdminCodeSignatures with default (0) value - Clear Restore Points - ~ [OK] RP named KpRm created at 03/03/2020 16:57:14 deleted [OK] All system restore points have been successfully deleted - Create Restore Point - [OK] System Restore Point created - Display System Restore Point - ~ RP named KpRm created at 03/03/2020 17:47:13 -- KPRM finished in 90.42s --
  5. Възможно е ,но досега не е показвало реклами . BitTorrent винаги ми е вкарвало това приложение.... и винаги ъпделтите са ми спряни - пускам само ако възникне проблем
  6. Програмата аз съм я инсталирал , позната ми е https://www.virustotal.com/gui/file/9e72384e18640eca6de036541b89747e739517687c536b3348fced709a1d849c/detection https://www.virustotal.com/gui/file/2b3bab861ea24115fa62a6873b16197dd8a8309183ec297bf8b8fc9473bc4d86/detection https://www.virustotal.com/gui/file/473c7991cfcc0660f19751dc5940939b3ca8f94e234c2bd996b5aa72880b1c19/detection 3.3.2020 г. 17:54:29 Сканирани файлове: 372010 Открити файлове: 3 Почистени файлове: 3 Общо време на сканиране 02:43:51 Състояние на сканиране: Готово C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\updates\7.10.5_45496.exe вариант на Win32/uTorrent.C потенциално нежелано приложение почистен чрез изтриване C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe вариант на Win32/uTorrent.C потенциално нежелано приложение почистен чрез изтриване C:\Users\ВЕСКО\Downloads\BitTorrent.exe вариант на Win32/uTorrent.C потенциално нежелано приложение,вариант на Win32/WebCompanion.B потенциално нежелано приложение почистен чрез изтриване
  7. Здравейте , нямам оплаквания просто искам да направя профилактична проверка Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020 Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (02-03-2020 14:47:25) Running from C:\Users\ВЕСКО\Downloads Loaded Profiles: ВЕСКО (Available Profiles: ВЕСКО) Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avago Technologies U.S. Inc. -> LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\TrayPP.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (SafeIP) [File not signed] C:\Program Files (x86)\SafeIP\SafeIPS.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> ) HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-24] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-12] (Adobe Inc. -> Adobe) Task: {55DBABF8-7CBC-45AD-AA41-0CDE6FC314AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd) Task: {5CB506C8-E8D6-4C56-AF40-B3D478C337CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC) Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-12] (Adobe Inc. -> Adobe) Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9 16 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed] Winsock: Catalog9-x64 16 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed] Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-02-16 08:34:09&bName= SearchScopes: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms} Chrome: ======= CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-03-02] CHR Notifications: Default -> hxxps://realniistorii.com CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Extension: (Презентации) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10] CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-10] CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-10] CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10] CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-19] CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-10] CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-09] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-10] CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-20] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI Corporation) S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-02-12] (Gameforge 4D GmbH -> ) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-11] (Malwarebytes Inc -> Malwarebytes) R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider) R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-24] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.) R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation) R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation) S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-03-02 14:47 - 2020-03-02 14:48 - 000011911 _____ C:\Users\ВЕСКО\Downloads\FRST.txt 2020-03-02 14:47 - 2020-03-02 14:48 - 000000000 ____D C:\FRST 2020-03-02 14:37 - 2020-03-02 14:38 - 002279424 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe 2020-02-22 06:34 - 2020-02-22 06:35 - 000000000 ____D C:\Program Files\CCleaner 2020-02-22 06:34 - 2020-02-22 06:34 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update 2020-02-22 06:34 - 2020-02-22 06:34 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC 2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk 2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\ProgramData\Desktop\CCleaner.lnk 2020-02-22 06:34 - 2020-02-22 06:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2020-02-22 06:33 - 2020-02-22 06:34 - 024581800 _____ (Piriform Software Ltd) C:\Users\ВЕСКО\Downloads\cctrialsetup.exe 2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\SysWOW64\SafeIPSOff.ini 2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\system32\SafeIPSOff.ini 2020-02-21 04:28 - 2020-02-21 04:28 - 000000995 _____ C:\Users\ВЕСКО\Desktop\SafeIP.lnk 2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeIP 2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\Program Files (x86)\SafeIP 2020-02-21 04:28 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\SysWOW64\SafeIPs.dll 2020-02-16 12:58 - 2020-02-16 12:58 - 000000000 ____D C:\Users\ВЕСКО\Downloads\Collection 2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\WinRAR 2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Program Files\WinRAR 2020-02-16 12:46 - 2020-02-16 12:46 - 003205888 _____ (Alexander Roshal) C:\Users\ВЕСКО\Downloads\winrar-x64-580.exe 2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\Users\Public\Documents\Steam 2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\ProgramData\Documents\Steam 2020-02-16 12:33 - 2020-02-16 12:33 - 000016499 _____ C:\Users\ВЕСКО\Downloads\Collection.torrent 2020-02-16 12:21 - 2020-02-16 12:33 - 000000000 ____D C:\Windows\SysWOW64\directx 2020-02-16 12:21 - 2020-02-16 12:21 - 000000000 ___HD C:\Windows\msdownld.tmp 2020-02-16 11:45 - 2020-02-16 11:45 - 000000000 ____D C:\Users\ВЕСКО\Documents\Lightshot 2020-02-16 11:43 - 2020-03-02 12:45 - 000000398 _____ C:\Windows\Tasks\update-sys.job 2020-02-16 11:43 - 2020-03-02 11:07 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job 2020-02-16 11:43 - 2020-02-16 11:43 - 000003268 _____ C:\Windows\system32\Tasks\update-sys 2020-02-16 11:43 - 2020-02-16 11:43 - 000003246 _____ C:\Windows\system32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ C:\Users\ВЕСКО\AppData\Local\UserProducts.xml 2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\Program Files (x86)\Skillbrains 2020-02-16 11:41 - 2020-02-16 11:41 - 002784344 _____ (Skillbrains ) C:\Users\ВЕСКО\Downloads\setup-lightshot.exe 2020-02-16 11:00 - 2020-02-16 14:38 - 000000000 ____D C:\Games 2020-02-16 10:32 - 2020-02-22 06:37 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\BitTorrent 2020-02-16 10:32 - 2020-02-16 10:32 - 000000913 _____ C:\Users\ВЕСКО\Desktop\BitTorrent.lnk 2020-02-16 10:32 - 2020-02-16 10:32 - 000000893 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2020-02-16 10:30 - 2020-02-16 10:31 - 005077120 _____ (BitTorrent Inc.) C:\Users\ВЕСКО\Downloads\BitTorrent.exe 2020-02-16 10:29 - 2020-02-16 10:30 - 000018355 _____ C:\Users\ВЕСКО\Downloads\Euro Truck Simulator 2 v1.36.2.2s.torrent 2020-02-16 09:56 - 2020-02-16 10:13 - 2092624032 _____ C:\Users\ВЕСКО\Downloads\EuroTruckSimulator2_1_28_1_3_patch.exe 2020-02-14 17:23 - 2020-02-14 17:24 - 001018988 _____ C:\Users\ВЕСКО\Downloads\QTranslate.6.7.4.exe 2020-02-09 11:43 - 2020-02-09 11:43 - 001031213 _____ C:\Users\ВЕСКО\Downloads\05.02.2020_Списък_на_подлежащите_на_запечатване_търговски_обекти_и_тяхното_местонахождение.pdf 2020-02-09 07:55 - 2020-02-09 07:55 - 003045838 _____ C:\Users\ВЕСКО\Downloads\1dad5ad69c6d5c9593aff6de7ce2ae91.mp4 2020-02-09 07:55 - 2020-02-09 07:55 - 002747301 _____ C:\Users\ВЕСКО\Downloads\b073f119aaf0f65be906afc679159766.mp4 2020-02-09 07:54 - 2020-02-09 07:55 - 003781947 _____ C:\Users\ВЕСКО\Downloads\a4e3ac7ac21e72da14d0550abe14d173.mp4 2020-02-07 19:31 - 2020-02-07 19:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-03-02 14:45 - 2019-08-10 22:00 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2076816696-1300689269-2899885506-1001 2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\Users\Public\Desktop\Gameforge Client.url 2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Gameforge Client.url 2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Desktop\Gameforge Client.url 2020-03-02 14:39 - 2019-12-01 14:43 - 000000000 ____D C:\Program Files (x86)\GameforgeClient 2020-03-02 08:40 - 2019-08-10 22:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E-B02E-B8CE96343A01} 2020-02-28 12:39 - 2019-08-10 22:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive 2020-02-28 12:38 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-02-28 12:37 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2020-02-28 01:00 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf 2020-02-25 18:01 - 2020-01-04 20:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini 2020-02-24 21:44 - 2019-08-10 22:13 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-02-22 06:37 - 2019-10-10 03:14 - 000000000 ____D C:\Windows\Minidump 2020-02-22 06:37 - 2019-08-11 08:47 - 000000000 ____D C:\Windows\Panther 2020-02-16 12:33 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2020-02-14 17:24 - 2020-01-15 20:02 - 000001047 _____ C:\Users\ВЕСКО\Desktop\QTranslate.lnk 2020-02-12 04:05 - 2019-10-13 11:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-02-12 04:05 - 2019-10-13 11:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater 2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed 2020-02-05 02:36 - 2019-08-10 22:11 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2020-02-05 02:36 - 2019-08-10 22:11 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2020-02-01 06:12 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF 2020-02-01 03:03 - 2019-08-12 01:06 - 000000000 ____D C:\Users\ВЕСКО\AppData\LocalLow\Unity ==================== Files in the root of some directories ======== 2019-10-27 11:08 - 2019-10-27 11:08 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll 2019-10-27 11:08 - 2019-10-27 11:08 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll 2019-10-27 11:08 - 2019-10-27 11:08 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll 2019-10-27 11:08 - 2019-10-27 11:08 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll 2019-10-13 11:25 - 2019-10-13 11:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi 2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt 2019-10-27 11:08 - 2019-10-27 11:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt 2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt 2019-08-10 22:45 - 2019-12-12 16:42 - 000039733 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log 2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt 2020-02-16 11:43 - 2020-02-16 11:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log 2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2020-02-28 01:00 ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020 Ran by ВЕСКО (02-03-2020 14:49:23) Running from C:\Users\ВЕСКО\Downloads Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled) Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled) ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe) BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.0.51.124 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.122 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains) LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 5.22.0.2111 - LINE Corporation) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Metin2 ru-RU (HKLM-x32\...\{fab180a3-cd65-4b7e-bd0e-2ef77fd0c258.ru-RU}) (Version: - Gameforge) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Plarium Play (HKLM-x32\...\{4EE55C89-1180-4702-86C0-0E999BF691FD}) (Version: 5.1.0 - Plarium) Hidden Plarium Play (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\{1077884f-6e6c-4848-8a7c-9dec58d99637}) (Version: 5.1.0 - Plarium) QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft) SafeIP (HKLM-x32\...\SAFEIP_is1) (Version: - SafeIP) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated) WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH) Packages: ========= Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-08-11] (KiddoTest) Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal) Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal) Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions) Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions) Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions) MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.322_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha) Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha) Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-08-11] (M1DF_Mmengesha) Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha) Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-08-11] (m1df_lucyll) TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-08-11] (vasetest101) Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.802.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.800.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-08-15 04:28 - 2015-08-03 08:54 - 000547328 _____ (SafeIP) [File not signed] C:\Windows\system32\SafeIPs64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2019-12-06 18:21 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed] FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed] FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{A809C2BA-1C3A-4ECC-A381-6678FB2DAD54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 21-12-2019 21:54:55 Scheduled Checkpoint 20-01-2020 02:26:46 Scheduled Checkpoint 27-01-2020 03:35:29 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Base System Device Description: Base System Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (03/02/2020 06:15:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA) Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/02/2020 06:15:56 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program WWAHost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d24 Start Time: 01d5f0493947cd5c Termination Time: 4294967295 Application Path: C:\Windows\System32\WWAHost.exe Report Id: 810a4bbc-5c3c-11ea-828f-002713343a56 Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: Windows.Store Error: (03/02/2020 06:15:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA) Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time. Error: (02/28/2020 12:39:52 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/27/2020 04:18:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x0000000000000000 Faulting process id: 0x1114 Faulting application start time: 0x01d5ed78bd3cd471 Faulting application path: C:\Windows\System32\skydrive.exe Faulting module path: unknown Report Id: fccfc0d4-596b-11ea-828e-002713343a56 Faulting package full name: Faulting package-relative application ID: Error: (02/26/2020 04:20:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x0000000000000000 Faulting process id: 0x1614 Faulting application start time: 0x01d5ecafd3283424 Faulting application path: C:\Windows\System32\skydrive.exe Faulting module path: unknown Report Id: 134ef253-58a3-11ea-828e-002713343a56 Faulting package full name: Faulting package-relative application ID: Error: (02/26/2020 04:58:58 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/26/2020 04:58:51 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. System errors: ============= Error: (02/27/2020 04:27:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Услуга на Google Актуализация (gupdate) service to connect. Error: (02/27/2020 04:18:47 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Error: (02/26/2020 04:21:21 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Error: (02/25/2020 04:19:39 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Error: (02/21/2020 04:23:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error: An instance of the service is already running. Error: (02/21/2020 04:21:26 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2020-03-02 14:49:21.815 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKms.S!MTB&threatid=2147743496&enterprise=0 Name: HackTool:BAT/AutoKms.S!MTB ID: 2147743496 Severity: High Category: Tool Path: file:_C:\Users\ВЕСКО\Documents\windows8.cmd Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\ВЕСКО\Downloads\FRST64.exe Signature Version: AV: 1.311.394.0, AS: 1.311.394.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16800.2, NIS: 2.1.14600.4 Date: 2020-02-24 16:49:50.613 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: System Process Name: Unknown Signature Version: AV: 1.309.1602.0, AS: 1.309.1602.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-02-21 04:27:22.929 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe;file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-02-21 04:27:20.517 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-02-21 04:24:18.037 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-03-02 12:48:53.550 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.311.300.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16800.2 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-29 12:48:53.098 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.311.96.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16800.2 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-27 16:25:58.491 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.311.51.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16800.2 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-26 02:54:12.140 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.309.1602.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16700.3 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-24 16:32:59.871 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.309.1475.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16700.3 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. CodeIntegrity: =================================== Date: 2020-03-02 14:42:10.317 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-02 14:42:09.709 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-01 14:45:58.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-01 14:45:57.468 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-27 11:05:31.653 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-27 11:05:30.955 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-15 17:13:52.723 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-15 17:13:51.566 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011 Motherboard: Hewlett-Packard 30DB Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 57% Total physical RAM: 3000.26 MB Available physical RAM: 1289.71 MB Total Virtual: 7000.26 MB Available Virtual: 5244.19 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:365.12 GB) (Free:324.76 GB) NTFS Drive e: () (Fixed) (Total:100.1 GB) (Free:80.41 GB) NTFS \\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt =======================
  8. Благодаря за отделеното време , приятна вечр и на вас
  9. # Run at 4.8.2019 'г.' 20:29:45 # KpRm (Kernel-panik) version 1.7.3 # Website https://kernel-panik.me/tool/kprm/ # Run by Beco from C:\Users\Beco\Downloads # Computer Name: BECO-PC # OS: Windows 10 X86 (18362) - Create Registry Backup - [OK] Registry Backup: C:\KPRM\backup\2019-08-04-20-29 - Search Tools - ## AdwCleaner [OK] C:\Users\Beco\Downloads\adwcleaner_7.1.1.exe deleted (1) [OK] C:\AdwCleaner deleted (1) ## ESET Online Scanner [OK] HKLM\SOFTWARE\ESET\ESET Online Scanner deleted (1) ## FRST [OK] C:\Users\Beco\Downloads\Addition.txt deleted (1) [OK] C:\Users\Beco\Downloads\Addition_04-08-2019 17.09.48.txt deleted (1) [OK] C:\Users\Beco\Downloads\Fixlog.txt deleted (1) [OK] C:\Users\Beco\Downloads\FRST.exe deleted (1) [OK] C:\Users\Beco\Downloads\FRST.txt deleted (1) [OK] C:\FRST deleted (1) ## SecurityCheck [OK] C:\Users\Beco\Downloads\SecurityCheck.exe deleted (1) - Restore Default System Settings - [OK] Flush DNS [OK] Reset WinSock [OK] Hide Hidden file. [OK] Show Extensions for known file types [OK] Hide protected operating system files - Restore UAC Default Value - [OK] Set ConsentPromptBehaviorAdmin with default (5) value [OK] Set ConsentPromptBehaviorUser with default (3) value [OK] Set EnableInstallerDetection with default (0) value [OK] Set EnableLUA with default (1) value [OK] Set EnableSecureUIAPaths with default (1) value [OK] Set EnableUIADesktopToggle with default (0) value [OK] Set EnableVirtualization with default (1) value [OK] Set FilterAdministratorToken with default (0) value [OK] Set PromptOnSecureDesktop with default (1) value [OK] Set ValidateAdminCodeSignatures with default (0) value - Clear All System Restore Points - ~ [OK] RP named Windows Update created at 08/01/2019 10:54:17 deleted ~ [OK] RP named Driver Booster : Microsoft ACPI-Compliant Control Method Battery created at 08/03/2019 15:20:34 deleted [OK] All system restore points have been successfully deleted - Create New System Restore Point - [OK] Enable System Restore [OK] System Restore Point created - Display All System Restore Point - ~ RP named KpRm created at 08/04/2019 17:31:23 found
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-08-2019 Ran by Beco (administrator) on BECO-PC (Hewlett-Packard HP EliteBook 6930p) (04-08-2019 19:42:13) Running from C:\Users\Beco\Downloads Loaded Profiles: Beco (Available Profiles: Beco) Platform: Microsoft Windows 10 Pro Version 1903 18362.267 (X86) Language: Английски (Съединени щати) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPMSGSVC.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (LSI Corporation -> LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [349240 2010-01-11] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HPMessageService] => C:\Program Files\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-26] (Hewlett-Packard Company -> HP Inc.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\76.0.3809.87\Installer\chrmstp.exe [2019-08-01] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {007EB50E-306C-4243-A051-E9CD96BD6478} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {02368336-6FC1-4641-AC1C-AF3E2FBAFA41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [243576 2019-07-23] (HP Inc. -> HP Inc.) Task: {09CD826E-432A-424E-9075-D474750087E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.) Task: {0AC7D9DD-906E-4B7B-847E-273A28E54C7F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0CD5E731-3C97-48A0-89D3-4BE6DE9D3197} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.) Task: {10F238F1-61B3-4FF4-B5F0-8DDC8322392A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.) Task: {1B3EB7B5-BC28-4B91-AE3A-F9EED593562F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [137592 2019-06-12] (HP Inc. -> HP Inc.) Task: {1ECBFDA8-5C75-484C-9609-D69F88A27FC2} - System32\Tasks\{C5F4DFD8-894D-40BF-9817-EDD70197CF73} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\LeagueOfAngels3-gtarcade-5c84c94d5b7d1.exe -d C:\Users\Beco\Downloads Task: {2237D89C-8BA2-4D66-8621-5F8040BA7EE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.) Task: {23C30DE0-3363-4410-9EB8-2B31B3D0ECEE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {25AB2260-9353-403C-90EC-CC7BD098D295} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {2BDBC731-7714-481B-B2BC-27EC77EACFFB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {36942695-8A2A-42ED-A030-4B8E54984C38} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {36FF84BD-F80B-4AC0-A3CD-CEA552F511CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3B8B0FF6-5976-4CD4-868A-6EFD55AC20EE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3CC255DE-9A77-4339-B257-97BEED1F30CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3D8A7ED4-7E07-4834-9592-460518EE157F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {43CBF981-9207-415B-A43F-EA808D674483} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5286E90C-81E4-4622-9F35-2E63C86A789E} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17307864 2019-07-31] (Goversoft LLC -> Goversoft LLC) Task: {5CCA8EB2-1044-43C2-83EF-14AFD88A23FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {6247CC29-3BAC-4EB6-AD0A-8D6CF73982B7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6927372A-A3E3-4697-84F8-4492DE198CAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {70D1EB0E-4134-4D8A-B28B-71D12D891637} - System32\Tasks\{55AAC5B5-BEF5-4E5F-BF9A-95DAFA22D058} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\SharewareOnSale_Giveaway_IObit_Uninstaller_8_PRO_hub.exe -d C:\Users\Beco\Downloads Task: {70D4EC4B-4DC4-4743-8A18-19650406D2DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {76A1CED5-E44E-41BC-88E4-53FFAC64AC3F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7DF081FE-AF3E-4B1F-A713-015169C165F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.) Task: {7E391591-2447-4B71-8C46-9F851D3C62B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8573BFA5-38FD-40AC-9800-8EC04403FFEC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {863D0715-8EC5-4308-B25B-A1A49453A5E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {9E9DB093-650D-4AC1-AE74-EFF09DAA28AF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {A00C8D46-8534-4496-96EE-C950CC0D41C6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {A37D69BB-3628-4340-9743-AC2FA5585724} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {B265CC37-CE62-4823-8496-5957A29C4EED} - System32\Tasks\HPCeeScheduleForBeco => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2019-05-17] (HP Inc. -> HP Inc.) Task: {B9FB55F4-5977-4236-9F75-7569B987B420} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BB75632B-EC31-4185-A0E7-CE9618974674} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BC00F4DF-2168-4200-B664-82D78875D451} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {BE834CB4-A940-4395-A30D-42B461E75614} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {C118C4DD-2CC4-42CB-BA9E-FA5E7EE07C24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {C8C95506-2926-45B9-B2BC-6D645180D789} - System32\Tasks\{B4FF3079-1C8A-4E12-8782-220F860F7F4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\EraOfCelestials-gtarcade-5c839784bff81.exe -d C:\Users\Beco\Downloads Task: {CB047417-746E-40BA-902A-815AC8FA6C7D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D3D93664-7AD4-4496-BF89-348597AE5BC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {D83BAE58-18BB-4010-9F0E-054149DAE465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.) Task: {D988B398-1B45-483C-AA40-86B6646D65A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {DB531726-7852-4C5C-8C8E-7E643191E42A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {E0E8C45C-FE64-4087-8E0C-2193CDC81717} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {E7356B7D-5DD6-4890-B4AF-6B1E94A3EF8F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Beco\Downloads\esetonlinescanner_enu.exe [7969304 2019-08-04] (ESET, spol. s r.o. -> ESET spol. s r.o.) Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {EC15E52E-DA43-4DCC-A275-1158D0C511BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F153981F-F55F-4D98-B828-A6E1A197FAF3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FF8FD040-EFED-4F3F-B025-E7200A94FA01} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{338C8A04-E5A4-41C0-A592-06F731151E59}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{50FBF5F3-CB8C-4AC9-A764-9C2251E7FE43}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{c92b2e9a-dca7-4503-a7ab-bc7c831445cd}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{f048b2a6-1866-46e6-b7f4-e6a65c07e85b}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-2920239448-2505446405-2311763162-1001 -> hxxp://google.bg/ FireFox: ======== FF DefaultProfile: oytl87x0.default FF ProfilePath: C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default [2019-07-16] FF user.js: detected! => C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06] FF Homepage: K-Meleon\oytl87x0.default -> google.bg FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default [2019-08-04] CHR Extension: (Презентации) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24] CHR Extension: (Документи) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24] CHR Extension: (Google Диск) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-05] CHR Extension: (YouTube) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-05] CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-02] CHR Extension: (Таблици) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24] CHR Extension: (Google Документи офлайн) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-24] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-07-29] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-24] CHR Extension: (Gmail) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01] CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-04] CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-04] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [90112 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation -> LSI Corporation) S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.) R2 HPWMISVC; C:\Program Files\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (Hewlett-Packard Company -> HP Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3735832 2019-08-01] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [304680 2018-05-22] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [1879960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [82984 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) S3 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [37696 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 ADIHdAudAddService; C:\WINDOWS\system32\drivers\ADIHdAud.sys [381440 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) R3 AgereSoftModem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [1163328 2010-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) S3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [199608 2019-02-20] (BayHub Technology Inc. -> BayHubTech/O2Micro ) R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [47504 2019-08-03] (IVT CORPORATION -> IVT Corporation.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-05-31] (Malwarebytes Corporation -> Malwarebytes) R3 HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [15544 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company) R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [27968 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [15872 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2019-01-06] (Martin Malik - REALiX -> REALiX(tm)) S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [106144 2019-01-11] (Malwarebytes Corporation -> Malwarebytes) S3 MBAMProtection; C:\WINDOWS\System32\DRIVERS\mbam.sys [63760 2019-01-11] (Malwarebytes Corporation -> Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\System32\DRIVERS\mwac.sys [83648 2019-01-12] (Malwarebytes Corporation -> Malwarebytes) R1 MEmuDrv; C:\WINDOWS\System32\DRIVERS\MEmuDrv.sys [257512 2019-03-14] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [18448 2019-08-03] (Microsoft Windows Hardware Compatibility Publisher -> NEC Personal Computers, Ltd.) S3 NETw5s32; C:\WINDOWS\System32\DRIVERS\NETw5s32.sys [6755840 2010-01-13] (Intel Corporation) [File not signed] R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7530736 2019-01-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmptsk.sys [48128 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> REDC) R3 rismc32; C:\WINDOWS\system32\DRIVERS\rismc32.sys [49152 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2019-08-04] (Adlice -> ) S3 vjoy; C:\WINDOWS\System32\DRIVERS\vjoy.sys [50224 2016-02-03] (Shaul Eizikovich -> Shaul Eizikovich) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38280 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [269024 2019-07-26] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [39136 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X] U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-04 19:18 - 2019-08-04 19:19 - 000000000 ____D C:\AdwCleaner 2019-08-04 19:18 - 2019-08-04 19:18 - 007277776 _____ (Malwarebytes) C:\Users\Beco\Downloads\adwcleaner_7.1.1.exe 2019-08-04 18:54 - 2019-08-04 18:54 - 000000000 ____D C:\SecurityCheck 2019-08-04 18:53 - 2019-08-04 18:53 - 000528638 _____ (glax24 (safezone.cc)) C:\Users\Beco\Downloads\SecurityCheck.exe 2019-08-04 18:21 - 2019-08-04 18:21 - 000000008 __RSH C:\ProgramData\ntuser.pol 2019-08-04 18:16 - 2019-08-04 18:19 - 000007694 _____ C:\Users\Beco\Downloads\Fixlog.txt 2019-08-04 17:49 - 2019-08-04 17:49 - 000029543 _____ C:\Users\Beco\Downloads\Addition_04-08-2019 17.09.48.txt 2019-08-04 17:07 - 2019-08-04 18:34 - 000025876 _____ C:\Users\Beco\Downloads\Addition.txt 2019-08-04 17:04 - 2019-08-04 19:43 - 000023644 _____ C:\Users\Beco\Downloads\FRST.txt 2019-08-04 17:02 - 2019-08-04 19:42 - 000000000 ____D C:\FRST 2019-08-04 17:01 - 2019-08-04 17:01 - 001447936 _____ (Farbar) C:\Users\Beco\Downloads\FRST.exe 2019-08-04 16:54 - 2019-08-04 16:54 - 000000299 _____ C:\Users\Beco\Documents\zemana.txt 2019-08-04 16:51 - 2019-08-04 18:11 - 001496275 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-04 16:51 - 2019-08-04 16:51 - 000000000 ____D C:\Users\Beco\AppData\Local\Zemana 2019-08-04 16:50 - 2019-08-04 18:11 - 000000000 ____D C:\Users\Beco\AppData\Local\AMSDK 2019-08-04 16:50 - 2019-08-04 16:50 - 012664512 _____ (Zemana Ltd. ) C:\Users\Beco\Downloads\AntiMalware_Setup.exe 2019-08-04 16:45 - 2019-08-04 16:45 - 000000078 _____ C:\Users\Beco\Downloads\137bdc50b1.json 2019-08-04 15:45 - 2019-08-04 15:45 - 000008066 _____ C:\Users\Beco\Documents\Rogue killer.txt 2019-08-04 15:19 - 2019-08-04 15:19 - 000024688 _____ C:\WINDOWS\system32\Drivers\truesight.sys 2019-08-04 15:17 - 2019-08-04 15:17 - 030667800 _____ (Adlice Software ) C:\Users\Beco\Downloads\RogueKiller_setup.exe 2019-08-04 15:09 - 2019-08-04 15:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-04 13:11 - 2019-08-04 13:12 - 000001894 _____ C:\Users\Beco\Desktop\Rkill.txt 2019-08-04 13:10 - 2019-08-04 13:10 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Beco\Downloads\rkill-unsigned.exe 2019-08-04 12:29 - 2019-08-04 14:00 - 000000681 _____ C:\Users\Beco\Desktop\ESET Online Scanner.lnk 2019-08-04 12:29 - 2019-08-04 12:29 - 000000780 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2019-08-04 12:29 - 2019-08-04 12:29 - 000000000 ____D C:\Users\Beco\AppData\Local\ESET 2019-08-04 12:28 - 2019-08-04 12:29 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Beco\Downloads\esetonlinescanner_enu.exe 2019-08-04 11:17 - 2019-08-04 15:19 - 001146190 _____ C:\WINDOWS\ntbtlog.txt 2019-08-04 09:57 - 2019-08-04 09:57 - 000002856 _____ C:\Users\Beco\Unigine_Heaven_Benchmark_4.0_20190804_0957.html 2019-08-04 09:49 - 2019-08-04 09:59 - 000000000 ____D C:\Users\Beco\Heaven 2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ C:\Users\Beco\AppData\Local\file__0.localstorage 2019-08-04 09:25 - 2019-08-04 10:14 - 000002217 _____ C:\Users\Beco\Desktop\Plarium Play.lnk 2019-08-04 09:13 - 2019-08-04 09:13 - 001159992 _____ (Plarium) C:\Users\Beco\Downloads\PlariumPlaySetup (1).exe 2019-08-03 18:21 - 2019-08-03 18:21 - 000047504 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\btcusb.sys 2019-08-03 18:21 - 2019-08-03 18:21 - 000018448 _____ (NEC Personal Computers, Ltd.) C:\WINDOWS\system32\Drivers\necbatt.sys 2019-08-01 13:55 - 2019-05-31 06:13 - 000835688 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe 2019-08-01 13:55 - 2019-05-31 06:13 - 000179816 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2019-08-01 09:04 - 2019-08-01 09:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2019-08-01 08:59 - 2019-08-01 08:59 - 000000020 ___SH C:\Users\Beco\ntuser.ini 2019-08-01 08:57 - 2019-08-04 19:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagerr.xml 2019-08-01 08:53 - 2019-08-04 19:27 - 000912284 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-08-01 08:40 - 2019-08-01 08:40 - 000000000 ____D C:\ProgramData\USOShared 2019-08-01 08:36 - 2019-08-04 14:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-01 08:36 - 2019-08-01 09:37 - 000264440 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-08-01 08:03 - 2019-08-01 19:35 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2019-08-01 08:03 - 2019-08-01 08:03 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines 2019-08-01 08:02 - 2019-08-04 11:32 - 000000000 ____D C:\Users\Beco 2019-08-01 08:02 - 2019-03-19 05:41 - 000001105 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-08-01 08:01 - 2019-08-01 08:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2019-08-01 07:50 - 2019-08-01 07:50 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001652536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001106288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL 2019-08-01 07:50 - 2019-08-01 07:50 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL 2019-08-01 07:50 - 2019-08-01 07:50 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL 2019-08-01 07:50 - 2019-08-01 07:50 - 000650552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2019-08-01 07:50 - 2019-08-01 07:50 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000418816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000075480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-08-01 07:50 - 2019-08-01 07:50 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 006515592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 005753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 002863104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2019-08-01 07:49 - 2019-08-01 07:49 - 002398720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 002040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001783808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001612600 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001505080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001501496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001297720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001251640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001219072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001102648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000995800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000916280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000826680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000769336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000733136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000625464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000566072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000522552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000478520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000446224 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbde40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000363832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000319376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000279864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000258056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000249656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msltus40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000213776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2019-08-01 07:49 - 2019-08-01 07:49 - 000183096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Gpu.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000152888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000111416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000091960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000086528 _____ C:\WINDOWS\system32\ResBParser.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000058825 _____ C:\WINDOWS\system32\srms.dat 2019-08-01 07:49 - 2019-08-01 07:49 - 000054792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000021816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 007067448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 003120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002991104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002777600 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002712072 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 002586608 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002245432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 002204472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 002074224 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001611416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001468728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001392968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-08-01 07:48 - 2019-08-01 07:48 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001111992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-08-01 07:48 - 2019-08-01 07:48 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000980792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000811160 _____ C:\WINDOWS\system32\locale.nls 2019-08-01 07:48 - 2019-08-01 07:48 - 000772656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000700912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000699304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000636696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000602640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000588256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000588088 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000554720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000553144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000540680 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000500992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000478800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000441584 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000440256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000398648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000389432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000385808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000374800 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000361784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000331064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2019-08-01 07:48 - 2019-08-01 07:48 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000309048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000301880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000277520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000265744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000206136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000199176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000161592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000142856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000136504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000135000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000134760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000108048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000098592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000066872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000061448 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds_ps.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000039224 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000033592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL 2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKOR.DLL 2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 006070920 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 004679168 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 003042816 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001893888 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001537624 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001334064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001123840 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000800048 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000777528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000773680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2019-08-01 07:47 - 2019-08-01 07:47 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2019-08-01 07:47 - 2019-08-01 07:47 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000602224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000531464 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\webauthn.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2019-08-01 07:47 - 2019-08-01 07:47 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000283472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000187920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000149512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000149304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000091664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000090128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\coloradapterclient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000028672 _____ C:\WINDOWS\system32\usocoreps.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 014814208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 005087744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 004867400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 004572016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 003915536 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 003735264 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002763576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 002600960 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002373120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002200576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002066944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001912576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001881400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001531992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001452032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001432064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001331976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001154960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001097528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001086464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 001063944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000889888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000690488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000564240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000550200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000506232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000425488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2019-08-01 07:46 - 2019-08-01 07:46 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2019-08-01 07:46 - 2019-08-01 07:46 - 000414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000400232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000375512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000336928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000321848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000284176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000268216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000245544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000235536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000222008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000191288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000166712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000159544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000156472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000140304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000134424 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000103224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000096208 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000095184 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2019-08-01 07:46 - 2019-08-01 07:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000047928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000045384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000042792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS 2019-08-01 07:46 - 2019-08-01 07:46 - 000023736 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000016696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll 2019-08-01 07:45 - 2019-08-01 07:45 - 000603448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000244712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys 2019-08-01 07:29 - 2019-08-01 07:29 - 000000000 ____D C:\WINDOWS\system32\bg 2019-08-01 07:23 - 2019-08-01 07:23 - 004164608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0002.dll 2019-08-01 07:23 - 2019-08-01 07:23 - 001875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll 2019-08-01 07:23 - 2019-08-01 07:23 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0002.dll 2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\msmq 2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\BestPractices 2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\inetpub 2019-08-01 07:22 - 2019-08-01 07:22 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2019-08-01 07:22 - 2019-08-01 07:22 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2019-08-01 07:22 - 2019-08-01 07:22 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\Reference Assemblies 2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\MSBuild 2019-08-01 07:20 - 2019-08-01 07:20 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll 2019-08-01 07:20 - 2019-08-01 07:20 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll 2019-08-01 07:20 - 2019-08-01 07:20 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml 2019-08-01 07:15 - 2019-08-01 07:15 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER 2019-08-01 07:08 - 2019-08-01 07:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2019-08-01 04:44 - 2019-08-01 08:59 - 000000000 ___DC C:\WINDOWS\Panther 2019-07-31 19:53 - 2019-07-31 19:53 - 025776848 _____ (Goversoft LLC) C:\Users\Beco\Downloads\PrivaZer_free (2).exe 2019-07-31 15:21 - 2019-07-31 15:23 - 000000000 ____D C:\Users\Beco\Documents\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c 2019-07-31 10:46 - 2019-07-31 10:46 - 000000000 ____D C:\ProgramData\Thunder Network 2019-07-31 10:45 - 2019-08-01 10:06 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi 2019-07-31 10:45 - 2019-07-31 10:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Xiaomi 2019-07-31 10:42 - 2019-08-04 11:02 - 000000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job 2019-07-31 10:18 - 2019-07-31 10:34 - 1390856692 _____ C:\Users\Beco\Downloads\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c.tgz 2019-07-29 11:31 - 2019-07-29 11:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2019-07-28 09:45 - 2019-07-28 09:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\AndroidTbox 2019-07-28 09:36 - 2019-07-28 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software 2019-07-28 09:35 - 2019-07-28 09:35 - 000000000 ____D C:\Temp 2019-07-21 16:47 - 2019-07-21 16:47 - 004196408 _____ C:\Users\Beco\Downloads\2019-07-10_16-29-20.861.bmp 2019-07-18 17:34 - 2019-07-31 19:53 - 000000000 ____D C:\Program Files\PrivaZer 2019-07-11 13:08 - 2019-07-11 13:22 - 000000775 _____ C:\Users\Beco\Documents\new tournament.txt 2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.QtWebEngineProcess 2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.LINE 2019-07-07 11:09 - 2019-07-07 11:09 - 000000000 ____D C:\Users\Beco\AppData\Local\HP_Inc 2019-07-07 11:05 - 2019-08-01 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2019-07-07 11:05 - 2019-07-07 11:05 - 000002262 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk 2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Hewlett-Packard 2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Local\Hewlett-Packard 2019-07-07 10:44 - 2019-07-07 10:45 - 039926088 _____ (Hewlett Packard ) C:\Users\Beco\Downloads\sp54177.exe 2019-07-07 10:37 - 2019-07-07 11:04 - 000000000 ____D C:\ProgramData\Hewlett-Packard 2019-07-07 10:37 - 2019-07-07 10:37 - 000000000 ____D C:\Users\Beco\AppData\Local\HP 2019-07-07 10:36 - 2019-07-07 10:36 - 003510048 _____ (Oleg N. Scherbakov) C:\Users\Beco\Downloads\HPSupportSolutionsFramework-12.11.24.11.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-04 19:36 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-04 19:27 - 2019-03-19 05:44 - 000000000 ____D C:\WINDOWS\INF 2019-08-04 19:20 - 2019-03-19 05:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-08-04 19:19 - 2019-01-06 19:32 - 000000000 ____D C:\Program Files\Common Files\IObit 2019-08-04 19:19 - 2019-01-06 07:53 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\IObit 2019-08-04 19:19 - 2019-01-06 07:53 - 000000000 ____D C:\Program Files\IObit 2019-08-04 19:19 - 2019-01-06 07:52 - 000000000 ____D C:\Users\Beco\AppData\Roaming\IObit 2019-08-04 19:19 - 2019-01-06 07:52 - 000000000 ____D C:\ProgramData\IObit 2019-08-04 19:17 - 2019-04-13 13:26 - 000000000 ____D C:\Users\Beco\AppData\Local\Unity 2019-08-04 19:17 - 2019-01-06 10:16 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\Unity 2019-08-04 18:26 - 2019-01-06 07:56 - 000000000 ____D C:\ProgramData\ProductData 2019-08-04 18:17 - 2009-07-14 05:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2019-08-04 18:14 - 2019-01-06 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-04 16:43 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\System 2019-08-04 16:43 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-08-04 10:14 - 2019-04-13 12:35 - 000002131 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Plarium Play.lnk 2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Plarium 2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Package Cache 2019-08-04 07:29 - 2019-03-19 05:46 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-03 23:50 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-02 04:34 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\appcompat 2019-08-01 19:35 - 2019-06-19 04:27 - 000000000 ____D C:\Program Files\UNP 2019-08-01 19:35 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer 2019-08-01 19:35 - 2019-04-03 05:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX H.264 decoder 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\spool 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\IME 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ServiceState 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\schemas 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\Registration 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2019-08-01 19:35 - 2019-03-19 05:43 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-01 19:35 - 2019-02-24 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-01 19:35 - 2019-01-06 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8K Player 2019-08-01 19:35 - 2019-01-06 07:51 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed 2019-08-01 19:35 - 2019-01-05 21:52 - 000000000 ____D C:\Program Files\Intel 2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2019-08-01 15:17 - 2019-04-19 19:53 - 000000000 ____D C:\Users\Beco\AppData\Local\Packages 2019-08-01 10:28 - 2019-02-24 13:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-08-01 10:28 - 2019-02-24 13:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-08-01 09:18 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\PrintDialog 2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 ___RD C:\Users\Beco\3D Objects 2019-08-01 08:59 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\USOPrivate 2019-08-01 08:58 - 2019-03-19 05:35 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-08-01 08:57 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Windows Defender 2019-08-01 08:40 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins 2019-08-01 08:40 - 2019-01-05 22:05 - 000000000 ____D C:\Program Files\LSI SoftModem 2019-08-01 08:39 - 2019-01-05 22:00 - 000000000 ____D C:\WINDOWS\QLB 2019-08-01 08:32 - 2019-03-19 05:49 - 000000000 ____D C:\WINDOWS\Setup 2019-08-01 08:16 - 2019-03-19 05:46 - 000000000 __RHD C:\Users\Public\Libraries 2019-08-01 08:03 - 2019-04-13 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2019-08-01 08:03 - 2019-01-12 14:52 - 000000000 ____D C:\Program Files\Synaptics 2019-08-01 08:03 - 2019-01-06 07:59 - 000000000 ____D C:\Program Files\AuthenTec 2019-08-01 08:03 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Microsoft Games 2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ___SD C:\WINDOWS\system32\AppV 2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\TextInput 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\SystemResources 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-08-01 07:29 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2019-08-01 07:29 - 2019-03-19 06:38 - 000000000 ____D C:\WINDOWS\system32\WCN 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\IME 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\System 2019-08-01 07:29 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\servicing 2019-08-01 07:23 - 2019-03-19 06:39 - 000000000 ____D C:\WINDOWS\OCR 2019-08-01 07:23 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\et-EE 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\es-MX 2019-08-01 04:23 - 2019-01-05 20:39 - 000000000 ____D C:\Users\Beco\AppData\Local\ElevatedDiagnostics 2019-07-31 20:16 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Local\PrivaZer 2019-07-31 20:01 - 2019-04-18 03:25 - 000000000 ____D C:\Users\Beco\AppData\Local\CrashDumps 2019-07-31 19:53 - 2019-06-02 18:07 - 000001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk 2019-07-31 19:53 - 2019-06-02 18:07 - 000001904 _____ C:\Users\Public\Desktop\PrivaZer.lnk 2019-07-26 16:30 - 2019-04-19 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-11 12:23 - 2019-01-05 19:50 - 000000000 ____D C:\Users\Beco\AppData\Local\VirtualStore 2019-07-11 12:21 - 2019-04-19 20:32 - 000000000 ____D C:\ProgramData\Packages 2019-07-11 12:21 - 2019-04-19 20:02 - 000000000 ____D C:\Users\Beco\AppData\Local\PlaceholderTileLogoFolder 2019-07-11 05:03 - 2019-04-19 21:24 - 000000000 ___RD C:\Users\Beco\OneDrive 2019-07-10 19:32 - 2019-01-05 21:56 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-10 19:26 - 2019-01-05 21:56 - 133475400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-07-10 12:28 - 2019-01-05 20:17 - 000606264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-07-07 11:05 - 2019-01-05 22:00 - 000000000 ___HD C:\Program Files\InstallShield Installation Information 2019-07-07 11:04 - 2019-05-04 17:11 - 000000000 ____D C:\Program Files\HP 2019-07-07 11:04 - 2019-04-19 19:43 - 000000000 ____D C:\Users\Beco\AppData\Roaming\hpqLog 2019-07-07 11:04 - 2019-01-05 22:00 - 000000000 ____D C:\Program Files\Hewlett-Packard 2019-07-07 10:45 - 2019-05-04 17:09 - 000000000 ____D C:\SWSetup ==================== Files in the root of some directories ================ 2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ () C:\Users\Beco\AppData\Local\file__0.localstorage 2019-08-04 09:14 - 2019-08-04 10:14 - 000061590 _____ () C:\Users\Beco\AppData\Local\PlariumPlay.log 2019-01-05 22:44 - 2019-01-05 22:44 - 000000000 _____ () C:\Users\Beco\AppData\Local\QSwitch.txt 2019-01-26 19:23 - 2019-01-26 19:23 - 000007605 _____ () C:\Users\Beco\AppData\Local\Resmon.ResmonCfg ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-08-2019 Ran by Beco (04-08-2019 19:44:51) Running from C:\Users\Beco\Downloads Microsoft Windows 10 Pro Version 1903 18362.267 (X86) (2019-08-01 05:59:11) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2920239448-2505446405-2311763162-500 - Administrator - Disabled) Beco (S-1-5-21-2920239448-2505446405-2311763162-1001 - Administrator - Enabled) => C:\Users\Beco DefaultAccount (S-1-5-21-2920239448-2505446405-2311763162-503 - Limited - Disabled) Guest (S-1-5-21-2920239448-2505446405-2311763162-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2920239448-2505446405-2311763162-1002 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2920239448-2505446405-2311763162-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 8K Player version 4.4.0 (HKLM\...\842F0D80-2EC4-4903-9798-714D9927DCA1_is1) (Version: 4.4.0 - DimoSoft, Inc.) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) DivX H.264 decoder 8.2.0.26 (HKLM\...\divxh264_is1) (Version: 8.2.0.26 - ) Google Chrome (HKLM\...\Google Chrome) (Version: 76.0.3809.87 - Google LLC) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM\...\{A2926515-9BCE-4785-AFAD-98233D52C3AE}) (Version: 12.11.27.1 - HP Inc.) HP System Event Utility (HKLM\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.) K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Microsoft OneDrive (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Plarium Play (HKLM\...\{12D4088C-8ED7-4218-B9FF-10E8FA3D7B57}) (Version: 3.1.0.0 - Plarium) Hidden Plarium Play (HKLM\...\{FBD9CDDD-13B0-406B-BDFA-79703D34C153}) (Version: 3.1.0 - Plarium) Hidden Plarium Play (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\{b06aff34-801f-46e9-9690-9d16b8f33092}) (Version: 3.1.0 - Plarium) PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.75.0 - Goversoft LLC) QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden Skype, версия 8.45 (HKLM\...\Skype_is1) (Version: 8.45 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated) WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH) Packages: ========= LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_5.18.2.0_x86__8ptj331gd3tyt [2019-07-31] (LINE Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-19] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x86__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad] Torrex Lite - Torrent Downloader -> C:\Program Files\WindowsApps\BooStudioLLC.TorrexLite-TorrentDownloader_1.3.97.0_x86__b6e429xa66pga [2019-06-21] (Finebits OÜ) [MS Ad] Добавка за „Снимки“ -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x86__8wekyb3d8bbwe [2019-04-20] (Microsoft Corporation) Поща и календар -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x86__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer\Деинсталирай Privazer.lnk -> C:\Program Files\PrivaZer\privazer_remover.exe (Goversoft LLC) <==== Cyrillic Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKCU\Environment\\Path -> ;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\Control Panel\Desktop\\Wallpaper -> c:\users\beco\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\diy.jpg DNS Servers: 192.168.0.1 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: SafeDNS Agent => 2 HKLM\...\StartupApproved\Run: => "QlbCtrl.exe" HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "SafeDNS Agent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{155B760F-5E54-482B-8365-6665EC03CC2C}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [TCP Query User{44B11955-F926-4A9B-AA9D-6B5A18DAAF61}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{90A20652-3E5F-405C-B8E5-AF6D9A4EC0E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{612CBEB6-20A2-448D-99E9-FCB1F2B34F23}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{AF4C1CD7-FED9-470D-B329-7F50331D7D0B}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [UDP Query User{77363016-8846-4DB7-AD51-2B727580DA68}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed] FirewallRules: [TCP Query User{45A74C76-06A8-4563-9550-548C167DE0D2}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed] FirewallRules: [UDP Query User{340FE0D8-F433-4684-8EEE-555FA3D5CC3D}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File FirewallRules: [TCP Query User{353B7826-2A8F-493D-A1F1-2AC837AF0B3C}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File FirewallRules: [UDP Query User{24C96F24-BD78-4B3B-8CC8-CCD439113A9E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{F80ACAFA-F1DD-447C-8EF2-F8CFE0A3F99F}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{06598060-8173-4526-85B1-326A8EADE9B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 01-08-2019 13:54:17 Windows Update 03-08-2019 18:20:34 Driver Booster : Microsoft ACPI-Compliant Control Method Battery ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2019 07:41:57 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7388,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/04/2019 07:26:56 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3124,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/04/2019 07:00:18 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8184,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/04/2019 06:53:27 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7556,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. System errors: ============= Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга SynTPEnh Caller Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга Andrea ADI Filters Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Услуга Message Queuing беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service. Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга HPWMISVC беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Услуга Agere Modem Call Progress Audio беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2019-08-04 16:39:23.995 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0 Name: Trojan:Win32/Wacatac.B!ml ID: 2147735505 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/18e663c4b0|pid:4648,ProcessStart:132093995403375033 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:35:34.363 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/78834792cf|pid:2452,ProcessStart:132093992524073237 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:35:16.939 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/459d5f08a7|pid:2452,ProcessStart:132093992524073237 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:34:50.615 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/3e4192f681|pid:2452,ProcessStart:132093992524073237 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:31:18.836 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/d814e79dee|pid:7088,ProcessStart:132093990433000700 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 15:19:12.432 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.299.1222.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2019-08-04 15:09:07.516 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-04 12:37:18.611 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.299.1222.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2019-08-04 12:27:12.471 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-04 11:52:30.958 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. ==================== Memory info =========================== BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011 Motherboard: Hewlett-Packard 30DB Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 62% Total physical RAM: 3000.26 MB Available physical RAM: 1115.69 MB Total Virtual: 5542.26 MB Available Virtual: 3518.26 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:365.12 GB) (Free:312.39 GB) NTFS Drive d: () (Fixed) (Total:100.1 GB) (Free:85.36 GB) NTFS \\?\Volume{35691345-1108-11e9-812b-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{35691348-1108-11e9-812b-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt ============================ Определено всичко вече е наред и Chrome зарежда по-бързо
  11. Аз не съм казал нищо по различно освен че съм ви потърсил за помощ за изтеглянето на инструмента тъй като имах затруднения . Сканиранията сам съм правил без ваши препоръки
  12. # Malwarebytes AdwCleaner 7.1.1.0 # ------------------------------- # Build: 04-24-2018 # Database: # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 08-04-2019 # Duration: 00:00:04 # OS: Windows 10 Pro # Cleaned: 18 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Program Files\Common Files\IObit\Advanced SystemCare Deleted C:\Users\Beco\AppData\LocalLow\IObit\Advanced SystemCare Deleted C:\Users\Beco\AppData\Roaming\IObit\Advanced SystemCare Deleted C:\ProgramData\IOBIT\Driver Booster Deleted C:\Program Files\IOBIT\Driver Booster Deleted C:\Users\Beco\AppData\Roaming\IOBIT\Driver Booster Deleted C:\Users\Beco\AppData\Roaming\DRPSu Deleted C:\ProgramData\Tencent Deleted C:\Users\Beco\AppData\Local\Tencent Deleted C:\Users\Beco\AppData\Roaming\Tencent ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKLM\Software\IObit\RealTimeProtector Deleted HKLM\Software\IObit\Advanced SystemCare Deleted HKLM\Software\IOBIT\ASC Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted HKLM\Software\IObit\Driver Booster Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B0A739B5-4232-4958-9C1D-486DC1047518} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{08CAA098-8E08-4DD6-AB80-2885F8050FD9} Deleted HKLM\Software\Classes\METNSD ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  13. Системата се държи по добре , ето и резултата от сканирането: SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 04.08.2019 18:54:10 Path starting: C:\Users\Beco\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Beco VersionXML: 6.67is-31.07.2019 ___________________________________________________________________________ Windows 10(6.3.18362) (x86) Professional Release: 1903 Lang: English(0409) Installation date OS: 01.08.2019 05:59:11 LicenseStatus: Windows(R), Professional edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe SystemDrive: 😄 FS: [NTFS] Capacity: [365.1 Gb] Used: [52.6 Gb] Free: [312.5 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.239.18362.0 User Account Control enabled (Level 3) Never check for updates Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service has stopped SSDP Discovery (SSDPSRV) - The service is running Remote Desktop Services (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ---------------------------- [ Antivirus_WMI ] ---------------------------- Windows Defender (enabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Защитна стена на Windows Defender (mpssvc) - The service is running --------------------------- [ AntiSpyware_WMI ] --------------------------- Windows Defender (enabled and up to date) --------------------------- [ OtherUtilities ] ---------------------------- Microsoft .NET Framework 4.7.2 v.4.7.03062 -------------------------------- [ Arch ] --------------------------------- WinRAR 5.70 (32-bit) v.5.70.0 Warning! Download Update --------------------------------- [ IM ] ---------------------------------- Skype, версия 8.45 v.8.45 Warning! Download Update --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 32 NPAPI v.32.0.0.223 Adobe Flash Player 32 PPAPI v.32.0.0.223 ------------------------------- [ Browser ] ------------------------------- Google Chrome v.76.0.3809.87 K-Meleon 75.0 (x86 en-US) v.75.0 ------------------ [ AntivirusFirewallProcessServices ] ------------------- Malwarebytes Service (MBAMService) - The service has stopped C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe v.4.18.1907.4 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe v.4.18.1907.4 Услуга Windows Defender Antivirus (WinDefend) - The service is running Услуга за мрежова проверка на Windows Defender Antivirus (WdNisSvc) - The service is running Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - The service has stopped ---------------------------- [ UnwantedApps ] ----------------------------- IObit Uninstaller 8 v.8.4.0.11 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Unity Web Player v.5.3.8f2 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. IObit Uninstaller Service (IObitUnSvr) - The service has stopped ----------------------------- [ End of Log ] ------------------------------
  14. Днес писах с колегата ви B-boy/StyLe/ защото не можех да изтегля Farbar , браузърите го блокираха като вирус и накрая реших да правя опити сам за което знам че не е редно Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-08-2019 Ran by Beco (administrator) on BECO-PC (Hewlett-Packard HP EliteBook 6930p) (04-08-2019 18:28:47) Running from C:\Users\Beco\Downloads Loaded Profiles: Beco (Available Profiles: Beco) Platform: Microsoft Windows 10 Pro Version 1903 18362.267 (X86) Language: Английски (Съединени щати) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPMSGSVC.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (IObit Information Technology -> IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe (LSI Corporation -> LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [349240 2010-01-11] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HPMessageService] => C:\Program Files\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-26] (Hewlett-Packard Company -> HP Inc.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\76.0.3809.87\Installer\chrmstp.exe [2019-08-01] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {007EB50E-306C-4243-A051-E9CD96BD6478} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {02368336-6FC1-4641-AC1C-AF3E2FBAFA41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [243576 2019-07-23] (HP Inc. -> HP Inc.) Task: {09CD826E-432A-424E-9075-D474750087E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.) Task: {0AC7D9DD-906E-4B7B-847E-273A28E54C7F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0CD5E731-3C97-48A0-89D3-4BE6DE9D3197} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.) Task: {10F238F1-61B3-4FF4-B5F0-8DDC8322392A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.) Task: {1B3EB7B5-BC28-4B91-AE3A-F9EED593562F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [137592 2019-06-12] (HP Inc. -> HP Inc.) Task: {1ECBFDA8-5C75-484C-9609-D69F88A27FC2} - System32\Tasks\{C5F4DFD8-894D-40BF-9817-EDD70197CF73} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\LeagueOfAngels3-gtarcade-5c84c94d5b7d1.exe -d C:\Users\Beco\Downloads Task: {2237D89C-8BA2-4D66-8621-5F8040BA7EE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.) Task: {23C30DE0-3363-4410-9EB8-2B31B3D0ECEE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {25AB2260-9353-403C-90EC-CC7BD098D295} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {2671536C-6AFE-4BA9-B77B-1D42B06C7FB1} - System32\Tasks\Uninstaller_SkipUac_Beco => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [5293328 2019-03-19] (IObit Information Technology -> IObit) Task: {2BDBC731-7714-481B-B2BC-27EC77EACFFB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {36942695-8A2A-42ED-A030-4B8E54984C38} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {36FF84BD-F80B-4AC0-A3CD-CEA552F511CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3B8B0FF6-5976-4CD4-868A-6EFD55AC20EE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3CC255DE-9A77-4339-B257-97BEED1F30CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3D8A7ED4-7E07-4834-9592-460518EE157F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {43CBF981-9207-415B-A43F-EA808D674483} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5286E90C-81E4-4622-9F35-2E63C86A789E} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17307864 2019-07-31] (Goversoft LLC -> Goversoft LLC) Task: {5CCA8EB2-1044-43C2-83EF-14AFD88A23FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {6247CC29-3BAC-4EB6-AD0A-8D6CF73982B7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6927372A-A3E3-4697-84F8-4492DE198CAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {70D1EB0E-4134-4D8A-B28B-71D12D891637} - System32\Tasks\{55AAC5B5-BEF5-4E5F-BF9A-95DAFA22D058} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\SharewareOnSale_Giveaway_IObit_Uninstaller_8_PRO_hub.exe -d C:\Users\Beco\Downloads Task: {70D4EC4B-4DC4-4743-8A18-19650406D2DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {76A1CED5-E44E-41BC-88E4-53FFAC64AC3F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7DF081FE-AF3E-4B1F-A713-015169C165F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.) Task: {7E391591-2447-4B71-8C46-9F851D3C62B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8573BFA5-38FD-40AC-9800-8EC04403FFEC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {863D0715-8EC5-4308-B25B-A1A49453A5E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {9E9DB093-650D-4AC1-AE74-EFF09DAA28AF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {A00C8D46-8534-4496-96EE-C950CC0D41C6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {A37D69BB-3628-4340-9743-AC2FA5585724} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {B265CC37-CE62-4823-8496-5957A29C4EED} - System32\Tasks\HPCeeScheduleForBeco => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2019-05-17] (HP Inc. -> HP Inc.) Task: {B9FB55F4-5977-4236-9F75-7569B987B420} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BB75632B-EC31-4185-A0E7-CE9618974674} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BC00F4DF-2168-4200-B664-82D78875D451} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {BE834CB4-A940-4395-A30D-42B461E75614} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {C118C4DD-2CC4-42CB-BA9E-FA5E7EE07C24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {C8C95506-2926-45B9-B2BC-6D645180D789} - System32\Tasks\{B4FF3079-1C8A-4E12-8782-220F860F7F4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\EraOfCelestials-gtarcade-5c839784bff81.exe -d C:\Users\Beco\Downloads Task: {CB047417-746E-40BA-902A-815AC8FA6C7D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D3D93664-7AD4-4496-BF89-348597AE5BC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {D83BAE58-18BB-4010-9F0E-054149DAE465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.) Task: {D988B398-1B45-483C-AA40-86B6646D65A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {DB531726-7852-4C5C-8C8E-7E643191E42A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {E0E8C45C-FE64-4087-8E0C-2193CDC81717} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {E7356B7D-5DD6-4890-B4AF-6B1E94A3EF8F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Beco\Downloads\esetonlinescanner_enu.exe [7969304 2019-08-04] (ESET, spol. s r.o. -> ESET spol. s r.o.) Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {EC15E52E-DA43-4DCC-A275-1158D0C511BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F153981F-F55F-4D98-B828-A6E1A197FAF3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FF8FD040-EFED-4F3F-B025-E7200A94FA01} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{338C8A04-E5A4-41C0-A592-06F731151E59}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{50FBF5F3-CB8C-4AC9-A764-9C2251E7FE43}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{c92b2e9a-dca7-4503-a7ab-bc7c831445cd}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{f048b2a6-1866-46e6-b7f4-e6a65c07e85b}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-2920239448-2505446405-2311763162-1001 -> hxxp://google.bg/ FireFox: ======== FF DefaultProfile: oytl87x0.default FF ProfilePath: C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default [2019-07-16] FF user.js: detected! => C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06] FF Homepage: K-Meleon\oytl87x0.default -> google.bg FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin HKU\S-1-5-21-2920239448-2505446405-2311763162-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Beco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default [2019-08-04] CHR Extension: (Презентации) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24] CHR Extension: (Документи) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24] CHR Extension: (Google Диск) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-05] CHR Extension: (YouTube) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-05] CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-02] CHR Extension: (Таблици) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24] CHR Extension: (Google Документи офлайн) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-24] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-07-29] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-24] CHR Extension: (Gmail) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01] CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-04] CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-04] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [90112 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation -> LSI Corporation) S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.) R2 HPWMISVC; C:\Program Files\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (Hewlett-Packard Company -> HP Inc.) S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3735832 2019-08-01] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [304680 2018-05-22] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [1879960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [82984 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) S3 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [37696 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 ADIHdAudAddService; C:\WINDOWS\system32\drivers\ADIHdAud.sys [381440 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) R3 AgereSoftModem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [1163328 2010-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) S3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [199608 2019-02-20] (BayHub Technology Inc. -> BayHubTech/O2Micro ) R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [47504 2019-08-03] (IVT CORPORATION -> IVT Corporation.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-05-31] (Malwarebytes Corporation -> Malwarebytes) R3 HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [15544 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company) R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [27968 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [15872 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2019-01-06] (Martin Malik - REALiX -> REALiX(tm)) R3 IUProcessFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win10_x86\IUProcessFilter.sys [35136 2018-10-16] (IObit Information Technology -> IObit) R3 IURegistryFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win10_x86\IURegistryFilter.sys [41336 2018-10-16] (IObit Information Technology -> IObit) S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [106144 2019-01-11] (Malwarebytes Corporation -> Malwarebytes) S3 MBAMProtection; C:\WINDOWS\System32\DRIVERS\mbam.sys [63760 2019-01-11] (Malwarebytes Corporation -> Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\System32\DRIVERS\mwac.sys [83648 2019-01-12] (Malwarebytes Corporation -> Malwarebytes) R1 MEmuDrv; C:\WINDOWS\System32\DRIVERS\MEmuDrv.sys [257512 2019-03-14] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [18448 2019-08-03] (Microsoft Windows Hardware Compatibility Publisher -> NEC Personal Computers, Ltd.) S3 NETw5s32; C:\WINDOWS\System32\DRIVERS\NETw5s32.sys [6755840 2010-01-13] (Intel Corporation) [File not signed] R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7530736 2019-01-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmptsk.sys [48128 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> REDC) R3 rismc32; C:\WINDOWS\system32\DRIVERS\rismc32.sys [49152 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2019-08-04] (Adlice -> ) S3 vjoy; C:\WINDOWS\System32\DRIVERS\vjoy.sys [50224 2016-02-03] (Shaul Eizikovich -> Shaul Eizikovich) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38280 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [269024 2019-07-26] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [39136 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X] U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-04 18:21 - 2019-08-04 18:21 - 000000008 __RSH C:\ProgramData\ntuser.pol 2019-08-04 18:16 - 2019-08-04 18:19 - 000007694 _____ C:\Users\Beco\Downloads\Fixlog.txt 2019-08-04 17:49 - 2019-08-04 17:49 - 000029543 _____ C:\Users\Beco\Downloads\Addition_04-08-2019 17.09.48.txt 2019-08-04 17:07 - 2019-08-04 17:09 - 000029543 _____ C:\Users\Beco\Downloads\Addition.txt 2019-08-04 17:04 - 2019-08-04 18:30 - 000024833 _____ C:\Users\Beco\Downloads\FRST.txt 2019-08-04 17:02 - 2019-08-04 18:28 - 000000000 ____D C:\FRST 2019-08-04 17:01 - 2019-08-04 17:01 - 001447936 _____ (Farbar) C:\Users\Beco\Downloads\FRST.exe 2019-08-04 16:54 - 2019-08-04 16:54 - 000000299 _____ C:\Users\Beco\Documents\zemana.txt 2019-08-04 16:51 - 2019-08-04 18:11 - 001496275 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-04 16:51 - 2019-08-04 16:51 - 000000000 ____D C:\Users\Beco\AppData\Local\Zemana 2019-08-04 16:50 - 2019-08-04 18:11 - 000000000 ____D C:\Users\Beco\AppData\Local\AMSDK 2019-08-04 16:50 - 2019-08-04 16:50 - 012664512 _____ (Zemana Ltd. ) C:\Users\Beco\Downloads\AntiMalware_Setup.exe 2019-08-04 16:45 - 2019-08-04 16:45 - 000000078 _____ C:\Users\Beco\Downloads\137bdc50b1.json 2019-08-04 15:45 - 2019-08-04 15:45 - 000008066 _____ C:\Users\Beco\Documents\Rogue killer.txt 2019-08-04 15:19 - 2019-08-04 15:19 - 000024688 _____ C:\WINDOWS\system32\Drivers\truesight.sys 2019-08-04 15:17 - 2019-08-04 15:17 - 030667800 _____ (Adlice Software ) C:\Users\Beco\Downloads\RogueKiller_setup.exe 2019-08-04 15:09 - 2019-08-04 15:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-04 13:11 - 2019-08-04 13:12 - 000001894 _____ C:\Users\Beco\Desktop\Rkill.txt 2019-08-04 13:10 - 2019-08-04 13:10 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Beco\Downloads\rkill-unsigned.exe 2019-08-04 12:29 - 2019-08-04 14:00 - 000000681 _____ C:\Users\Beco\Desktop\ESET Online Scanner.lnk 2019-08-04 12:29 - 2019-08-04 12:29 - 000000780 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2019-08-04 12:29 - 2019-08-04 12:29 - 000000000 ____D C:\Users\Beco\AppData\Local\ESET 2019-08-04 12:28 - 2019-08-04 12:29 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Beco\Downloads\esetonlinescanner_enu.exe 2019-08-04 11:17 - 2019-08-04 15:19 - 001146190 _____ C:\WINDOWS\ntbtlog.txt 2019-08-04 09:57 - 2019-08-04 09:57 - 000002856 _____ C:\Users\Beco\Unigine_Heaven_Benchmark_4.0_20190804_0957.html 2019-08-04 09:49 - 2019-08-04 09:59 - 000000000 ____D C:\Users\Beco\Heaven 2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ C:\Users\Beco\AppData\Local\file__0.localstorage 2019-08-04 09:25 - 2019-08-04 10:14 - 000002217 _____ C:\Users\Beco\Desktop\Plarium Play.lnk 2019-08-04 09:13 - 2019-08-04 09:13 - 001159992 _____ (Plarium) C:\Users\Beco\Downloads\PlariumPlaySetup (1).exe 2019-08-03 18:21 - 2019-08-03 18:21 - 000047504 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\btcusb.sys 2019-08-03 18:21 - 2019-08-03 18:21 - 000018448 _____ (NEC Personal Computers, Ltd.) C:\WINDOWS\system32\Drivers\necbatt.sys 2019-08-01 13:55 - 2019-05-31 06:13 - 000835688 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe 2019-08-01 13:55 - 2019-05-31 06:13 - 000179816 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2019-08-01 09:04 - 2019-08-01 09:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2019-08-01 08:59 - 2019-08-01 08:59 - 000000020 ___SH C:\Users\Beco\ntuser.ini 2019-08-01 08:57 - 2019-08-04 18:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagerr.xml 2019-08-01 08:53 - 2019-08-04 18:27 - 000912284 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-08-01 08:40 - 2019-08-01 08:40 - 000000000 ____D C:\ProgramData\USOShared 2019-08-01 08:36 - 2019-08-04 14:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-01 08:36 - 2019-08-01 09:37 - 000264440 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-08-01 08:03 - 2019-08-01 19:35 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2019-08-01 08:03 - 2019-08-01 08:03 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines 2019-08-01 08:02 - 2019-08-04 11:32 - 000000000 ____D C:\Users\Beco 2019-08-01 08:02 - 2019-03-19 05:41 - 000001105 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-08-01 08:01 - 2019-08-01 08:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2019-08-01 07:50 - 2019-08-01 07:50 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001652536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001106288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL 2019-08-01 07:50 - 2019-08-01 07:50 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL 2019-08-01 07:50 - 2019-08-01 07:50 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL 2019-08-01 07:50 - 2019-08-01 07:50 - 000650552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2019-08-01 07:50 - 2019-08-01 07:50 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000418816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000075480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-08-01 07:50 - 2019-08-01 07:50 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe 2019-08-01 07:50 - 2019-08-01 07:50 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll 2019-08-01 07:50 - 2019-08-01 07:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 006515592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 005753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 002863104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2019-08-01 07:49 - 2019-08-01 07:49 - 002398720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 002040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001783808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001612600 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001505080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001501496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001297720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001251640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001219072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001102648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000995800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000916280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000826680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000769336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000733136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000625464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000566072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000522552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000478520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000446224 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbde40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000363832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000319376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000279864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000258056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000249656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msltus40.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000213776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2019-08-01 07:49 - 2019-08-01 07:49 - 000183096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Gpu.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000152888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000111416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000091960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000086528 _____ C:\WINDOWS\system32\ResBParser.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000058825 _____ C:\WINDOWS\system32\srms.dat 2019-08-01 07:49 - 2019-08-01 07:49 - 000054792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000021816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys 2019-08-01 07:49 - 2019-08-01 07:49 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll 2019-08-01 07:49 - 2019-08-01 07:49 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2019-08-01 07:49 - 2019-08-01 07:49 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 007067448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 003120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002991104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002777600 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002712072 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 002586608 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 002245432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 002204472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 002074224 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001611416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001468728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001392968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-08-01 07:48 - 2019-08-01 07:48 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001111992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-08-01 07:48 - 2019-08-01 07:48 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000980792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000811160 _____ C:\WINDOWS\system32\locale.nls 2019-08-01 07:48 - 2019-08-01 07:48 - 000772656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000700912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000699304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000636696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000602640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000588256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000588088 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000554720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000553144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000540680 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000500992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000478800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000441584 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000440256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000398648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000389432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000385808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000374800 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000361784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000331064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2019-08-01 07:48 - 2019-08-01 07:48 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000309048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000301880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000277520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000265744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000206136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000199176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000161592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000142856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000136504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000135000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000134760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000108048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000098592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000066872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000061448 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds_ps.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000039224 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000033592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL 2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys 2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKOR.DLL 2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe 2019-08-01 07:48 - 2019-08-01 07:48 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll 2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 006070920 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 004679168 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 003042816 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001893888 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001537624 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001334064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001123840 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000800048 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000777528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000773680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2019-08-01 07:47 - 2019-08-01 07:47 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2019-08-01 07:47 - 2019-08-01 07:47 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000602224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000531464 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\webauthn.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2019-08-01 07:47 - 2019-08-01 07:47 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000283472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000187920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000149512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000149304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000091664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000090128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2019-08-01 07:47 - 2019-08-01 07:47 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\coloradapterclient.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2019-08-01 07:47 - 2019-08-01 07:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000028672 _____ C:\WINDOWS\system32\usocoreps.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll 2019-08-01 07:47 - 2019-08-01 07:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 014814208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 005087744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 004867400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 004572016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 003915536 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 003735264 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002763576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 002600960 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002373120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002200576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 002066944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001912576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001881400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001531992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001452032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001432064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001331976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001154960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001097528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001086464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 001063944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000889888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000690488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000564240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000550200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000506232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000425488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2019-08-01 07:46 - 2019-08-01 07:46 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2019-08-01 07:46 - 2019-08-01 07:46 - 000414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000400232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000375512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000336928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000321848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000284176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000268216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000245544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000235536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000222008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000191288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000166712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000159544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000156472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000140304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000134424 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000103224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000096208 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000095184 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2019-08-01 07:46 - 2019-08-01 07:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000047928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000045384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000042792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS 2019-08-01 07:46 - 2019-08-01 07:46 - 000023736 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000016696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys 2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe 2019-08-01 07:46 - 2019-08-01 07:46 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll 2019-08-01 07:45 - 2019-08-01 07:45 - 000603448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000244712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys 2019-08-01 07:45 - 2019-08-01 07:45 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys 2019-08-01 07:29 - 2019-08-01 07:29 - 000000000 ____D C:\WINDOWS\system32\bg 2019-08-01 07:23 - 2019-08-01 07:23 - 004164608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0002.dll 2019-08-01 07:23 - 2019-08-01 07:23 - 001875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll 2019-08-01 07:23 - 2019-08-01 07:23 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0002.dll 2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\msmq 2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\BestPractices 2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\inetpub 2019-08-01 07:22 - 2019-08-01 07:22 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2019-08-01 07:22 - 2019-08-01 07:22 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2019-08-01 07:22 - 2019-08-01 07:22 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\Reference Assemblies 2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\MSBuild 2019-08-01 07:20 - 2019-08-01 07:20 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll 2019-08-01 07:20 - 2019-08-01 07:20 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll 2019-08-01 07:20 - 2019-08-01 07:20 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml 2019-08-01 07:15 - 2019-08-01 07:15 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER 2019-08-01 07:08 - 2019-08-01 07:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2019-08-01 04:44 - 2019-08-01 08:59 - 000000000 ___DC C:\WINDOWS\Panther 2019-07-31 19:53 - 2019-07-31 19:53 - 025776848 _____ (Goversoft LLC) C:\Users\Beco\Downloads\PrivaZer_free (2).exe 2019-07-31 15:21 - 2019-07-31 15:23 - 000000000 ____D C:\Users\Beco\Documents\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c 2019-07-31 10:46 - 2019-07-31 10:46 - 000000000 ____D C:\ProgramData\Thunder Network 2019-07-31 10:45 - 2019-08-01 10:06 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi 2019-07-31 10:45 - 2019-07-31 10:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Xiaomi 2019-07-31 10:42 - 2019-08-04 11:02 - 000000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job 2019-07-31 10:18 - 2019-07-31 10:34 - 1390856692 _____ C:\Users\Beco\Downloads\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c.tgz 2019-07-29 11:31 - 2019-07-29 11:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2019-07-28 09:45 - 2019-07-28 09:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\AndroidTbox 2019-07-28 09:36 - 2019-07-28 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software 2019-07-28 09:36 - 2019-07-28 09:43 - 000000000 ____D C:\ProgramData\Tencent 2019-07-28 09:36 - 2019-07-28 09:36 - 000000000 ____D C:\Users\Beco\AppData\Local\Tencent 2019-07-28 09:35 - 2019-07-28 10:25 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Tencent 2019-07-28 09:35 - 2019-07-28 09:35 - 000000000 ____D C:\Temp 2019-07-21 16:47 - 2019-07-21 16:47 - 004196408 _____ C:\Users\Beco\Downloads\2019-07-10_16-29-20.861.bmp 2019-07-18 17:34 - 2019-07-31 19:53 - 000000000 ____D C:\Program Files\PrivaZer 2019-07-11 13:08 - 2019-07-11 13:22 - 000000775 _____ C:\Users\Beco\Documents\new tournament.txt 2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.QtWebEngineProcess 2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.LINE 2019-07-07 11:09 - 2019-07-07 11:09 - 000000000 ____D C:\Users\Beco\AppData\Local\HP_Inc 2019-07-07 11:05 - 2019-08-01 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2019-07-07 11:05 - 2019-07-07 11:05 - 000002262 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk 2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Hewlett-Packard 2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Local\Hewlett-Packard 2019-07-07 10:44 - 2019-07-07 10:45 - 039926088 _____ (Hewlett Packard ) C:\Users\Beco\Downloads\sp54177.exe 2019-07-07 10:37 - 2019-07-07 11:04 - 000000000 ____D C:\ProgramData\Hewlett-Packard 2019-07-07 10:37 - 2019-07-07 10:37 - 000000000 ____D C:\Users\Beco\AppData\Local\HP 2019-07-07 10:36 - 2019-07-07 10:36 - 003510048 _____ (Oleg N. Scherbakov) C:\Users\Beco\Downloads\HPSupportSolutionsFramework-12.11.24.11.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-04 18:27 - 2019-03-19 05:44 - 000000000 ____D C:\WINDOWS\INF 2019-08-04 18:26 - 2019-01-06 07:56 - 000000000 ____D C:\ProgramData\ProductData 2019-08-04 18:21 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-04 18:20 - 2019-03-19 05:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-08-04 18:17 - 2009-07-14 05:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2019-08-04 18:14 - 2019-01-06 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-04 18:09 - 2019-01-06 07:52 - 000000000 ____D C:\Users\Beco\AppData\Roaming\IObit 2019-08-04 16:43 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\System 2019-08-04 16:43 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-08-04 10:14 - 2019-04-13 12:35 - 000002131 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Plarium Play.lnk 2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Plarium 2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Package Cache 2019-08-04 09:30 - 2019-01-06 10:16 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\Unity 2019-08-04 07:29 - 2019-03-19 05:46 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-03 23:50 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-02 04:34 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\appcompat 2019-08-01 19:35 - 2019-06-19 04:27 - 000000000 ____D C:\Program Files\UNP 2019-08-01 19:35 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer 2019-08-01 19:35 - 2019-04-03 05:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX H.264 decoder 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\spool 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\IME 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ServiceState 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\schemas 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\Registration 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2019-08-01 19:35 - 2019-03-19 05:43 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-01 19:35 - 2019-02-24 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-01 19:35 - 2019-01-06 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2019-08-01 19:35 - 2019-01-06 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8K Player 2019-08-01 19:35 - 2019-01-06 07:51 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed 2019-08-01 19:35 - 2019-01-05 21:52 - 000000000 ____D C:\Program Files\Intel 2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2019-08-01 15:17 - 2019-04-19 19:53 - 000000000 ____D C:\Users\Beco\AppData\Local\Packages 2019-08-01 10:28 - 2019-02-24 13:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-08-01 10:28 - 2019-02-24 13:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-08-01 09:18 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\PrintDialog 2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 ___RD C:\Users\Beco\3D Objects 2019-08-01 08:59 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\USOPrivate 2019-08-01 08:58 - 2019-03-19 05:35 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-08-01 08:57 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Windows Defender 2019-08-01 08:40 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins 2019-08-01 08:40 - 2019-01-05 22:05 - 000000000 ____D C:\Program Files\LSI SoftModem 2019-08-01 08:39 - 2019-01-05 22:00 - 000000000 ____D C:\WINDOWS\QLB 2019-08-01 08:32 - 2019-03-19 05:49 - 000000000 ____D C:\WINDOWS\Setup 2019-08-01 08:16 - 2019-03-19 05:46 - 000000000 __RHD C:\Users\Public\Libraries 2019-08-01 08:03 - 2019-04-13 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2019-08-01 08:03 - 2019-01-12 14:52 - 000000000 ____D C:\Program Files\Synaptics 2019-08-01 08:03 - 2019-01-06 07:59 - 000000000 ____D C:\Program Files\AuthenTec 2019-08-01 08:03 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Microsoft Games 2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ___SD C:\WINDOWS\system32\AppV 2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\TextInput 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\SystemResources 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-08-01 07:29 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2019-08-01 07:29 - 2019-03-19 06:38 - 000000000 ____D C:\WINDOWS\system32\WCN 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\IME 2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\System 2019-08-01 07:29 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\servicing 2019-08-01 07:23 - 2019-03-19 06:39 - 000000000 ____D C:\WINDOWS\OCR 2019-08-01 07:23 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\et-EE 2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\es-MX 2019-08-01 04:23 - 2019-01-05 20:39 - 000000000 ____D C:\Users\Beco\AppData\Local\ElevatedDiagnostics 2019-07-31 20:16 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Local\PrivaZer 2019-07-31 20:01 - 2019-04-18 03:25 - 000000000 ____D C:\Users\Beco\AppData\Local\CrashDumps 2019-07-31 19:53 - 2019-06-02 18:07 - 000001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk 2019-07-31 19:53 - 2019-06-02 18:07 - 000001904 _____ C:\Users\Public\Desktop\PrivaZer.lnk 2019-07-26 16:30 - 2019-04-19 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-11 12:23 - 2019-01-05 19:50 - 000000000 ____D C:\Users\Beco\AppData\Local\VirtualStore 2019-07-11 12:21 - 2019-04-19 20:32 - 000000000 ____D C:\ProgramData\Packages 2019-07-11 12:21 - 2019-04-19 20:02 - 000000000 ____D C:\Users\Beco\AppData\Local\PlaceholderTileLogoFolder 2019-07-11 05:03 - 2019-04-19 21:24 - 000000000 ___RD C:\Users\Beco\OneDrive 2019-07-10 19:32 - 2019-01-05 21:56 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-10 19:26 - 2019-01-05 21:56 - 133475400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-07-10 12:28 - 2019-01-05 20:17 - 000606264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-07-07 11:05 - 2019-01-05 22:00 - 000000000 ___HD C:\Program Files\InstallShield Installation Information 2019-07-07 11:04 - 2019-05-04 17:11 - 000000000 ____D C:\Program Files\HP 2019-07-07 11:04 - 2019-04-19 19:43 - 000000000 ____D C:\Users\Beco\AppData\Roaming\hpqLog 2019-07-07 11:04 - 2019-01-05 22:00 - 000000000 ____D C:\Program Files\Hewlett-Packard 2019-07-07 10:45 - 2019-05-04 17:09 - 000000000 ____D C:\SWSetup ==================== Files in the root of some directories ================ 2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ () C:\Users\Beco\AppData\Local\file__0.localstorage 2019-08-04 09:14 - 2019-08-04 10:14 - 000061590 _____ () C:\Users\Beco\AppData\Local\PlariumPlay.log 2019-01-05 22:44 - 2019-01-05 22:44 - 000000000 _____ () C:\Users\Beco\AppData\Local\QSwitch.txt 2019-01-26 19:23 - 2019-01-26 19:23 - 000007605 _____ () C:\Users\Beco\AppData\Local\Resmon.ResmonCfg ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-08-2019 Ran by Beco (04-08-2019 18:31:23) Running from C:\Users\Beco\Downloads Microsoft Windows 10 Pro Version 1903 18362.267 (X86) (2019-08-01 05:59:11) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2920239448-2505446405-2311763162-500 - Administrator - Disabled) Beco (S-1-5-21-2920239448-2505446405-2311763162-1001 - Administrator - Enabled) => C:\Users\Beco DefaultAccount (S-1-5-21-2920239448-2505446405-2311763162-503 - Limited - Disabled) Guest (S-1-5-21-2920239448-2505446405-2311763162-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2920239448-2505446405-2311763162-1002 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2920239448-2505446405-2311763162-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 8K Player version 4.4.0 (HKLM\...\842F0D80-2EC4-4903-9798-714D9927DCA1_is1) (Version: 4.4.0 - DimoSoft, Inc.) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) DivX H.264 decoder 8.2.0.26 (HKLM\...\divxh264_is1) (Version: 8.2.0.26 - ) Google Chrome (HKLM\...\Google Chrome) (Version: 76.0.3809.87 - Google LLC) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM\...\{A2926515-9BCE-4785-AFAD-98233D52C3AE}) (Version: 12.11.27.1 - HP Inc.) HP System Event Utility (HKLM\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.) IObit Uninstaller 8 (HKLM\...\IObitUninstall) (Version: 8.4.0.11 - IObit) K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Microsoft OneDrive (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Plarium Play (HKLM\...\{12D4088C-8ED7-4218-B9FF-10E8FA3D7B57}) (Version: 3.1.0.0 - Plarium) Hidden Plarium Play (HKLM\...\{FBD9CDDD-13B0-406B-BDFA-79703D34C153}) (Version: 3.1.0 - Plarium) Hidden Plarium Play (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\{b06aff34-801f-46e9-9690-9d16b8f33092}) (Version: 3.1.0 - Plarium) PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.75.0 - Goversoft LLC) QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden Skype, версия 8.45 (HKLM\...\Skype_is1) (Version: 8.45 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated) Unity Web Player (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS) WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH) Packages: ========= LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_5.18.2.0_x86__8ptj331gd3tyt [2019-07-31] (LINE Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-19] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x86__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad] Torrex Lite - Torrent Downloader -> C:\Program Files\WindowsApps\BooStudioLLC.TorrexLite-TorrentDownloader_1.3.97.0_x86__b6e429xa66pga [2019-06-21] (Finebits OÜ) [MS Ad] Добавка за „Снимки“ -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x86__8wekyb3d8bbwe [2019-04-20] (Microsoft Corporation) Поща и календар -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x86__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2920239448-2505446405-2311763162-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Beco\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS) ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit) ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer\Деинсталирай Privazer.lnk -> C:\Program Files\PrivaZer\privazer_remover.exe (Goversoft LLC) <==== Cyrillic Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKCU\Environment\\Path -> ;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\Control Panel\Desktop\\Wallpaper -> c:\users\beco\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\diy.jpg DNS Servers: 192.168.0.1 HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: SafeDNS Agent => 2 HKLM\...\StartupApproved\Run: => "QlbCtrl.exe" HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk" HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "SafeDNS Agent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{155B760F-5E54-482B-8365-6665EC03CC2C}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [TCP Query User{44B11955-F926-4A9B-AA9D-6B5A18DAAF61}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{08CAA098-8E08-4DD6-AB80-2885F8050FD9}] => (Allow) C:\Users\Beco\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{B0A739B5-4232-4958-9C1D-486DC1047518}] => (Allow) C:\Users\Beco\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) FirewallRules: [{90A20652-3E5F-405C-B8E5-AF6D9A4EC0E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{612CBEB6-20A2-448D-99E9-FCB1F2B34F23}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{AF4C1CD7-FED9-470D-B329-7F50331D7D0B}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [UDP Query User{77363016-8846-4DB7-AD51-2B727580DA68}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed] FirewallRules: [TCP Query User{45A74C76-06A8-4563-9550-548C167DE0D2}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed] FirewallRules: [UDP Query User{340FE0D8-F433-4684-8EEE-555FA3D5CC3D}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File FirewallRules: [TCP Query User{353B7826-2A8F-493D-A1F1-2AC837AF0B3C}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File FirewallRules: [UDP Query User{24C96F24-BD78-4B3B-8CC8-CCD439113A9E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{F80ACAFA-F1DD-447C-8EF2-F8CFE0A3F99F}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{06598060-8173-4526-85B1-326A8EADE9B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 01-08-2019 13:54:17 Windows Update 03-08-2019 18:20:34 Driver Booster : Microsoft ACPI-Compliant Control Method Battery ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2019 06:26:50 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2400,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/04/2019 06:17:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/04/2019 06:16:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Грешка в услугата "Криптографски услуги" при обработка на обръщение на OnIdentity() към обекта System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/04/2019 06:16:49 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {73ac7222-9583-4e9c-aeca-ddf782586332} System errors: ============= Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/04/2019 06:17:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Услуга Windows Search беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service. Error: (08/04/2019 06:17:23 PM) (Source: WAS) (EventID: 5175) (User: ) Description: The listener adapter serving the 'net.msmq' protocol disconnected unexpectedly. Error: (08/04/2019 06:17:23 PM) (Source: WAS) (EventID: 5175) (User: ) Description: The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly. Windows Defender: =================================== Date: 2019-08-04 16:39:23.995 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0 Name: Trojan:Win32/Wacatac.B!ml ID: 2147735505 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/18e663c4b0|pid:4648,ProcessStart:132093995403375033 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:35:34.363 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/78834792cf|pid:2452,ProcessStart:132093992524073237 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:35:16.939 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/459d5f08a7|pid:2452,ProcessStart:132093992524073237 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:34:50.615 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/3e4192f681|pid:2452,ProcessStart:132093992524073237 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 16:31:18.836 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Name: Trojan:Win32/Conteban.B!ml ID: 2147735507 Severity: Severe Category: Trojan Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/d814e79dee|pid:7088,ProcessStart:132093990433000700 Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-04 15:19:12.432 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.299.1222.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2019-08-04 15:09:07.516 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-04 12:37:18.611 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.299.1222.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2019-08-04 12:27:12.471 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-04 11:52:30.958 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. ==================== Memory info =========================== BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011 Motherboard: Hewlett-Packard 30DB Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 63% Total physical RAM: 3000.26 MB Available physical RAM: 1096.62 MB Total Virtual: 5542.26 MB Available Virtual: 3503.47 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:365.12 GB) (Free:312.59 GB) NTFS Drive d: () (Fixed) (Total:100.1 GB) (Free:85.36 GB) NTFS \\?\Volume{35691345-1108-11e9-812b-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{35691348-1108-11e9-812b-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt ============================ Не видях че сте писали погоре - потърсих съвет от него защото не можех да изтегля Farbar и да направя сканиране и да пусна тема , а не по тази тема
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×
×
  • Добави ново...