Премини към съдържанието

v3cko

Потребител
  • Публикации

    63
  • Регистрация

  • Последно онлайн

Нови отговори публикувани от v3cko

  1. # Run at 2.8.2020 'г.' 20:24:34
    # KpRm (Kernel-panik) version 2.8
    # Website https://kernel-panik.me/tool/kprm/
    # Run by ВЕСКО from C:\Users\ВЕСКО\Downloads
    # Computer Name: PAPA
    # OS: Windows 8.1 X64 (9600) 
    # Number of passes: 3

    - Checked options -

        ~ Registry Backup
        ~ Delete Tools
        ~ Restore System Settings
        ~ UAC Restore
        ~ Delete Restore Points
        ~ Create Restore Point

    - Create Registry Backup -

       ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
       ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up

         [OK] Registry Backup: C:\KPRM\backup\2020-08-02-20-24-34

    - Delete Tools -


      ## AdwCleaner
         [OK] C:\Users\ВЕСКО\Downloads\adwcleaner_8.0.7.exe deleted

      ## FRST
         [OK] C:\Users\ВЕСКО\Desktop\Addition.txt deleted
         [OK] C:\Users\ВЕСКО\Desktop\FRST.txt deleted

      ## Malwarebytes (log)
         [OK] C:\Users\ВЕСКО\Desktop\malwarebytes.txt deleted

    - Other Lines -


      ## Quarantines keeped
        ~ C:\AdwCleaner (AdwCleaner)

    - Restore System Settings -

         [OK] Reset WinSock
         [OK] FLUSHDNS
         [OK] Hide Hidden file.
         [OK] Show Extensions for known file types
         [OK] Hide protected operating system files

    - Restore UAC -

         [OK] Set EnableLUA with default (1) value
         [OK] Set ConsentPromptBehaviorAdmin with default (5) value
         [OK] Set ConsentPromptBehaviorUser with default (3) value
         [OK] Set EnableInstallerDetection with default (0) value
         [OK] Set EnableSecureUIAPaths with default (1) value
         [OK] Set EnableUIADesktopToggle with default (0) value
         [OK] Set EnableVirtualization with default (1) value
         [OK] Set FilterAdministratorToken with default (0) value
         [OK] Set PromptOnSecureDesktop with default (1) value
         [OK] Set ValidateAdminCodeSignatures with default (0) value

    - Clear Restore Points -

       ~ [OK] RP named Scheduled Checkpoint created at 07/11/2020 23:45:22 deleted
       ~ [OK] RP named Scheduled Checkpoint created at 07/19/2020 02:19:42 deleted
       ~ [OK] RP named Restore Point Created by FRST created at 07/25/2020 09:47:54 deleted
         [OK] All system restore points have been successfully deleted

    - Create Restore Point -

         [OK] System Restore Point created

    - Display System Restore Point -

       ~ RP named KpRm created at 08/02/2020 17:25:10

    -- KPRM finished in 84.14s --
     

    • Харесване 1
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020
    Ran by ВЕСКО (25-07-2020 12:47:47) Run:1
    Running from C:\Users\ВЕСКО\Downloads
    Loaded Profiles: ВЕСКО
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X] 
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
    IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com 
    FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\�����\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
    FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\�����\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
    FirewallRules: [TCP Query User{D5E3E617-6558-4159-A706-840C5B334B96}C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
    FirewallRules: [UDP Query User{6D6B588E-0882-4516-BB6C-FB65FAF2ABD3}C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
    FirewallRules: [TCP Query User{E859D23C-6F07-4BE8-B41B-6C3BEB15AF7D}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
    FirewallRules: [UDP Query User{43A95E54-B07C-45B1-8E73-66514B35824E}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
    FirewallRules: [TCP Query User{DED12865-66D2-43F2-8879-E264ACD7BB32}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
    FirewallRules: [UDP Query User{009FD906-4E38-4551-9D52-9D1270FB5477}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
    cmd: del %temp%\*.* /f /s /q
    cmd: rd /s /q %temp%
    cmd: bitsadmin /reset /allusers
    cmd: netsh winsock reset catalog
    cmd: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
    amsdk => service removed successfully
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => removed successfully

  3. Malwarebytes AdwCleaner 8.0.7.0
    # -------------------------------
    # Build:    07-22-2020
    # Database: 2020-07-20.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    07-24-2020
    # Duration: 00:00:06
    # OS:       Windows 8.1 Pro
    # Cleaned:  3
    # Failed:   0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted       HKCU\Software\Lavasoft\Web Companion
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1651 octets] - [24/07/2020 20:28:39]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     

    • Харесване 1
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2020
    Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (24-07-2020 18:01:54)
    Running from C:\Users\ВЕСКО\Downloads
    Loaded Profiles: ВЕСКО
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Default browser: Opera
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-
    scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core
    \smax4pnp.exe
    (PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\6.1.0-0.0.1\PlariumPlayClientService.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated ->
    Synaptics Incorporated)
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11]
    (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft
    Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files
    (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-16] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
    separately.)

    Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash
    \FlashPlayerUpdateService.exe [335416 2020-07-18] (Adobe Inc. -> Adobe)
    Task: {34623323-DEFF-4314-B094-7F8713513045} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ВЕСКО\Downloads
    \esetonlinescanner_enu.exe
    Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program
    Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
    Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater
    \Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
    Task: {9FF7AC8D-513B-44BB-96F6-B7107D0F6437} - System32\Tasks\Opera GX scheduled Autoupdate 1587844699 => C:\Users\ВЕСКО\AppData
    \Local\Programs\Opera GX\launcher.exe [1459224 2020-07-15] (Opera Software AS -> Opera Software)
    Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google
    \Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)
    Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed
    \Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-18] (Adobe Inc. -> Adobe)
    Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update
    \GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)
    Task: {F1B81EA2-DA5D-42DC-9C29-E67D88055A79} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ВЕСКО\Downloads
    \esetonlinescanner_enu.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be
    moved.)

    Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater
    \Updater.exe
    Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 46.35.180.1 46.35.180.2
    Tcpip\..\Interfaces\{42BC6B57-A733-46D9-8ABC-14B01E8C41EF}: [DhcpNameServer] 46.35.180.1 46.35.180.2
    Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 46.35.180.1 46.35.180.2
    Tcpip\..\Interfaces\{E1D0E267-FB12-4D8A-899D-ECB810445149}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/

    FireFox:
    ========
    FF DefaultProfile: tq2nngvb.default
    FF ProfilePath: C:\Users\ВЕСКО\AppData\Roaming\Mozilla\Firefox\Profiles\tq2nngvb.default [2020-03-19]
    FF ProfilePath: C:\Users\ВЕСКО\AppData\Roaming\Mozilla\Firefox\Profiles\i1y0xx66.default-release [2020-04-23]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23]
    (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10
    -23] (Microsoft Corporation ->  Microsoft Corporation)

    Chrome: 
    =======
    CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-07-24]
    CHR Notifications: Default -> hxxps://www.zyngapoker.com
    CHR HomePage: Default -> hxxp://google.bg/
    CHR StartupUrls: Default -> "hxxps://www.google.bg/"
    CHR Extension: (Презентации) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10]
    CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \aohghmighlieiainnegkcijnfilokake [2019-08-10]
    CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \apdfllckaahabafndbhieahigkjlhalf [2019-08-10]
    CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10]
    CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default
    \Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-24]
    CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \felcaaldnbdncclmgdcncolpebgiejap [2019-08-10]
    CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-21]
    CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    [2019-08-10]
    CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions
    \pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-16]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
    separately.)

    S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-18] (Adobe Inc. ->
    Adobe)
    S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher ->
    Andrea Electronics Corporation)
    S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI
    Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-07-08] (Malwarebytes Inc ->
    Malwarebytes)
    R2 Plarium Play Client Service; C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\6.1.0-0.0.1\PlariumPlayClientService.exe [89696
    2020-06-18] (PLARIUM GLOBAL LTD. -> )
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
    separately.)

    R3 ADIHdAudAddService; C:\Windows\system32\drivers\ADIHdAud.sys [497152 2009-05-18] (Microsoft Windows Hardware Compatibility
    Publisher -> Analog Devices, Inc.)
    R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility
    Publisher -> LSI Corporation)
    R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher
    -> Hewlett-Packard Development Company, L.P.)
    S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-07-08] (Malwarebytes Inc -> Malwarebytes)
    R1 MpKsl5976d10a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C95734CA-1077-44CF-B2A0-
    B54B171EEC0B}\MpKsl5976d10a.sys [43232 2020-07-19] (Microsoft Windows -> Microsoft Corporation)
    R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C95734CA-1077-44CF-B2A0-B54B171EEC0B}\MpKslDrv.sys
    [43232 2020-07-15] (Microsoft Windows -> Microsoft Corporation)
    R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility
    Publisher -> RICOH Company, Ltd.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher ->
    Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
    S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
    R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
    S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
    separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-07-24 18:01 - 2020-07-24 18:02 - 000012068 _____ C:\Users\ВЕСКО\Downloads\FRST.txt
    2020-07-24 18:01 - 2020-07-24 18:02 - 000000000 ____D C:\FRST
    2020-07-24 17:58 - 2020-07-24 17:58 - 002294784 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe
    2020-07-08 16:06 - 2020-07-08 16:06 - 000005994 _____ C:\Users\ВЕСКО\Desktop\malwarebytes.txt
    2020-07-08 15:47 - 2020-07-08 15:47 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2020-07-08 15:47 - 2020-07-08 15:47 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2020-07-04 18:57 - 2020-07-04 18:57 - 000000095 _____ C:\Users\ВЕСКО\Documents\hhhh.cms
    2020-07-04 18:30 - 2020-07-04 18:30 - 002810297 _____ C:\Users\ВЕСКО\Downloads\cm413_64.zip
    2020-07-04 17:27 - 2020-07-04 17:27 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\EpicGamesLauncher
    2020-07-04 17:27 - 2020-07-04 17:27 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\CrashReportClient
    2020-07-04 17:17 - 2020-07-04 17:26 - 000000000 ____D C:\Program Files (x86)\Ubisoft
    2020-07-04 17:17 - 2020-07-04 17:17 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\Ubisoft Game Launcher
    2020-07-04 17:04 - 2020-07-04 17:27 - 000000000 ____D C:\Program Files\Epic Games
    2020-07-04 17:02 - 2020-07-04 17:02 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2020-07-04 17:02 - 2020-07-04 17:02 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2020-07-04 17:01 - 2020-07-04 17:01 - 000000000 ____D C:\Program Files\Reference Assemblies
    2020-07-04 17:01 - 2020-07-04 17:01 - 000000000 ____D C:\Program Files\MSBuild
    2020-07-04 16:59 - 2013-08-03 07:48 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2020-07-04 16:59 - 2013-08-03 07:48 - 000124112 _____ (Microsoft Corporation) C:\Windows
    \system32\PresentationCFFRasterizerNative_v0300.dll
    2020-07-04 16:59 - 2013-08-03 07:48 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2020-07-04 16:59 - 2013-08-03 07:41 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2020-07-04 16:59 - 2013-08-03 07:41 - 000102608 _____ (Microsoft Corporation) C:\Windows
    \SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2020-07-04 16:59 - 2013-08-03 07:41 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2020-07-04 16:54 - 2020-07-04 16:54 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\UnrealEngine

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-07-24 16:45 - 2020-02-16 12:43 - 000000398 _____ C:\Windows\Tasks\update-sys.job
    2020-07-24 16:33 - 2019-08-10 23:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive
    2020-07-24 04:40 - 2019-08-10 23:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E-
    B02E-B8CE96343A01}
    2020-07-24 03:07 - 2020-02-16 12:43 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job
    2020-07-23 17:36 - 2020-04-23 17:13 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\CrashDumps
    2020-07-21 05:28 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
    2020-07-20 06:00 - 2019-08-10 22:55 - 000000000 ____D C:\Users\ВЕСКО
    2020-07-19 00:43 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-07-18 11:52 - 2019-10-13 12:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-07-18 11:52 - 2019-10-13 12:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
    2020-07-18 11:52 - 2019-10-13 12:30 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\Adobe
    2020-07-18 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2020-07-18 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\Macromed
    2020-07-16 23:50 - 2019-08-10 23:00 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-
    2076816696-1300689269-2899885506-1001
    2020-07-16 19:01 - 2019-08-10 23:13 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-07-16 19:01 - 2019-08-10 23:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-07-16 19:01 - 2019-08-10 23:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-07-15 16:30 - 2020-05-17 21:43 - 000001459 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    \Браузър Opera GX.lnk
    2020-07-15 16:30 - 2020-04-25 22:58 - 000004052 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1587844699
    2020-07-14 19:01 - 2013-09-30 07:14 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
    2020-07-14 18:52 - 2020-01-04 21:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini
    2020-07-14 18:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\NDF
    2020-07-14 17:34 - 2020-02-07 20:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics
    2020-07-14 17:05 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
    2020-07-08 15:47 - 2020-01-11 21:25 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-07-08 15:47 - 2020-01-11 21:25 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-07-08 15:46 - 2020-01-11 21:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2020-07-07 20:10 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\AppReadiness
    2020-07-05 04:21 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache
    2020-07-04 17:26 - 2019-10-13 12:37 - 000000000 ____D C:\Windows\system32\appmgmt
    2020-07-04 17:09 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp
    2020-07-04 16:57 - 2019-08-11 10:20 - 000000000 ____D C:\ProgramData\Package Cache
    2020-06-29 18:18 - 2020-01-15 21:02 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    \QTranslate
    2020-06-29 18:18 - 2020-01-15 21:02 - 000000000 ____D C:\Program Files (x86)\QTranslate
    2020-06-29 18:17 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-06-29 18:14 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\registration

    ==================== Files in the root of some directories ========

    2019-10-13 12:25 - 2019-10-13 12:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi
    2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt
    2019-10-27 12:08 - 2019-10-27 12:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt
    2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt
    2019-08-10 23:45 - 2020-06-18 19:42 - 000157609 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log
    2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt
    2020-02-16 12:43 - 2020-02-16 12:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log
    2020-02-16 12:43 - 2020-02-16 12:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2020-07-16 04:43
    ==================== End of FRST.txt ========================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020
    Ran by ВЕСКО (24-07-2020 18:04:10)
    Running from C:\Users\ВЕСКО\Downloads
    Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled)
    Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled)
    ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be
    uninstalled manually.)

    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
    BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.)
    Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.89 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
    HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
    LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 6.1.1.2266 - LINE Corporation)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version:
    9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version:
    9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version:
    10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version:
    10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version:
    12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version:
    14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58})
    (Version: 14.24.28127.4 - Microsoft Corporation)
    Opera GX Stable 68.0.3618.197 (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Opera GX 68.0.3618.197) (Version:
    68.0.3618.197 - Opera Software)
    Plarium Play (HKLM-x32\...\{186b8f7a-d886-40d0-af54-0a87967eb0cf}) (Version: 6.1.0 - Plarium)
    Plarium Play (HKLM-x32\...\{4FD60DF5-8569-4D49-B396-135E44C0B716}) (Version: 6.1.0 - Plarium) Hidden
    QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
    WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

    Packages:
    =========
    Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2020-06-29]
    (KiddoTest)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps
    \Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps
    \Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps
    \Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps
    \Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
    Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2020
    -06-29] (Microsoft Corporation)
    Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2020
    -06-29] (Microsoft Corporation)
    Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps
    \Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions Internal)
    Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps
    \Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions Internal)
    Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps
    \Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions)
    Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps
    \Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions)
    Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps
    \Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions)
    MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
    [MS Ad]
    MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft
    Corporation) [MS Ad]
    MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft
    Corporation) [MS Ad]
    mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha)
    Racing 3D: Need For Race on Real Asphalt Speed Tracks -> C:\Program Files\WindowsApps
    \C40DCF4F.SpeedRacing3DNeedForRaceonRealAsphaltTrac_1.0.2.0_x86__b6sb9g8avsqk2 [2020-06-29] (T-Bull)
    Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0
    [2020-06-29] (m1df_mmengesha)
    Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps
    \24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2020-06-29] (M1DF_Mmengesha)
    Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps
    \24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha)
    Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps
    \50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2020-06-29] (m1df_lucyll)
    TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2020-06-29]
    (vasetest101)
    Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS
    Ad]
    Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
    [MS Ad]
    Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS
    Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
    separately.)

    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05]
    (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-
    05] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware
    \mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware
    \mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05]
    (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-
    05] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ВЕСКО\Desktop\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera
    Software) <==== Cyrillic
    Shortcut: C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData
    \Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic
    Shortcut: C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Браузър Opera GX.lnk -> 😄
    \Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic

    ==================== Loaded Modules (Whitelisted) =============


    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 16:25 - 2020-04-23 08:49 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft
    \Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    DNS Servers: 46.35.180.1 - 46.35.180.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3)
    (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AEADIFilters => 2
    MSCONFIG\Services: AgereModemAudio => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: SafeIPS => 3
    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run: => "SynTPEnh"
    HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
    HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe"
    HKLM\...\StartupApproved\Run32: => "Lightshot"
    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
    HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
    separately.)

    FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not
    signed]
    FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not
    signed]
    FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No
    File
    FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No
    File
    FirewallRules: [TCP Query User{D5E3E617-6558-4159-A706-840C5B334B96}C:\users\веско\appdata\local\programs\opera gx
    \67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
    FirewallRules: [UDP Query User{6D6B588E-0882-4516-BB6C-FB65FAF2ABD3}C:\users\веско\appdata\local\programs\opera gx
    \67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
    FirewallRules: [TCP Query User{E859D23C-6F07-4BE8-B41B-6C3BEB15AF7D}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
    FirewallRules: [UDP Query User{43A95E54-B07C-45B1-8E73-66514B35824E}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
    FirewallRules: [TCP Query User{DED12865-66D2-43F2-8879-E264ACD7BB32}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
    FirewallRules: [UDP Query User{009FD906-4E38-4551-9D52-9D1270FB5477}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
    FirewallRules: [TCP Query User{8F120CF3-F066-4DC6-9A81-0F244E23B59F}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.191\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe (Opera Software AS ->
    Opera Software)
    FirewallRules: [UDP Query User{5CE62F49-C29D-4716-BF99-4BE400D86415}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.191\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe (Opera Software AS ->
    Opera Software)
    FirewallRules: [TCP Query User{CCAA93CB-9818-491C-B988-427999AC0B39}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.197\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe (Opera Software AS ->
    Opera Software)
    FirewallRules: [UDP Query User{E1A68F6A-E93B-43A8-833F-AC36C3DD693D}C:\users\веско\appdata\local\programs\opera gx
    \68.0.3618.197\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe (Opera Software AS ->
    Opera Software)
    FirewallRules: [{8EE4EF7B-9803-4012-A253-3F8749E6B152}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    04-07-2020 16:53:20 Installed DirectX
    12-07-2020 02:45:22 Scheduled Checkpoint
    19-07-2020 05:19:42 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: Redmi
    Description: Redmi
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: 
    Description: 
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the
    instructions.

    Name: Fingerprint Sensor
    Description: Fingerprint Sensor
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the
    instructions.

    Name: Base System Device
    Description: Base System Device
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the
    instructions.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (07/23/2020 05:36:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamtray.exe, version: 4.0.0.728, time stamp: 0x5ef6345c
    Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4
    Exception code: 0xc0000005
    Fault offset: 0x0000000000219d05
    Faulting process id: 0x368
    Faulting application start time: 0x01d660fe9dc1e21d
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    Report Id: f2370483-ccf1-11ea-82ba-f4ce46ad0471
    Faulting package full name: 
    Faulting package-relative application ID:

    Error: (07/21/2020 04:25:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

    Error: (07/19/2020 05:19:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/16/2020 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: game.exe, version: 2018.4.20.34440, time stamp: 0x5e72fda9
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x6361206e
    Faulting process id: 0xe8c
    Faulting application start time: 0x01d65b79d722f88c
    Faulting application path: C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\StandAloneApps\throne\93\game.exe
    Faulting module path: unknown
    Report Id: 408ed5d9-c76d-11ea-82b8-aa8b79b0f859
    Faulting package full name: 
    Faulting package-relative application ID:

    Error: (07/12/2020 02:45:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/10/2020 07:56:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA)
    Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-
    TWinUI/Operational log for additional information.

    Error: (07/10/2020 07:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program WWAHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more
    information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 8d8

    Start Time: 01d656db02a3e61a

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\WWAHost.exe

    Report Id: 4a941707-c2ce-11ea-82b4-002713343a56

    Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: Windows.Store

    Error: (07/10/2020 07:56:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA)
    Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time.


    System errors:
    =============
    Error: (07/23/2020 06:20:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

    Error: (07/23/2020 06:19:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

    Error: (07/23/2020 06:19:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

    Error: (07/23/2020 06:18:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

    Error: (07/23/2020 06:18:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

    Error: (07/23/2020 06:14:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

    Error: (07/22/2020 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/22/2020 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2020-06-22 17:57:38.200
    Description: 
    Windows Defender scan has been stopped before completion.
    Scan ID: {DA0F79FE-708A-413C-89DE-70AD10CBD434}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-06-19 16:09:59.096
    Description: 
    Windows Defender scan has been stopped before completion.
    Scan ID: {2C80E799-C55A-4A35-9912-1FAC112CE127}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-06-09 03:22:06.191
    Description: 
    Windows Defender scan has been stopped before completion.
    Scan ID: {8F709E50-DC9E-420C-96BF-FB4B3FDA9983}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-06-06 02:30:20.783
    Description: 
    Windows Defender scan has been stopped before completion.
    Scan ID: {0B605A47-9F65-4275-A8B0-0877E2D4757C}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-05-29 11:02:00.392
    Description: 
    Windows Defender scan has been stopped before completion.
    Scan ID: {E557884F-266F-41EC-B720-AC99CF717DE0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-05-10 07:49:28.408
    Description: 
    Windows Defender Real-Time Protection feature has encountered an error and failed.
    Feature: Network Inspection System
    Error Code: 0x8007042c
    Error description: The dependency service or group failed to start. 
    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and
    restart the computer.

    Date: 2020-05-08 17:55:06.166
    Description: 
    Windows Defender Real-Time Protection feature has encountered an error and failed.
    Feature: Network Inspection System
    Error Code: 0x8007042c
    Error description: The dependency service or group failed to start. 
    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and
    restart the computer.

    Date: 2020-04-30 16:47:53.488
    Description: 
    Windows Defender Real-Time Protection feature has encountered an error and failed.
    Feature: Network Inspection System
    Error Code: 0x8007042c
    Error description: The dependency service or group failed to start. 
    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and
    restart the computer.

    Date: 2020-04-30 16:47:07.497
    Description: 
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.313.1441.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16900.4
    Error code: 0x8007041d
    Error description: The service did not respond to the start or control request in a timely fashion. 

    Date: 2020-04-30 16:47:04.605
    Description: 
    Windows Defender Real-Time Protection feature has encountered an error and failed.
    Feature: Network Inspection System
    Error Code: 0x8007042c
    Error description: The dependency service or group failed to start. 
    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and
    restart the computer.

    CodeIntegrity:
    ===================================

    Date: 2020-03-03 18:56:44.054
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 18:56:42.406
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 17:59:04.212
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 17:59:03.621
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 17:17:02.606
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 17:17:01.890
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 17:09:15.326
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-03 17:09:14.624
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load
    \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info =========================== 

    BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011
    Motherboard: Hewlett-Packard 30DB
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3000.26 MB
    Available physical RAM: 1297.14 MB
    Total Virtual: 7000.26 MB
    Available Virtual: 4482.2 MB

    ==================== Drives ================================

    Drive 😄 () (Fixed) (Total:365.12 GB) (Free:323.1 GB) NTFS
    Drive e: () (Fixed) (Total:100.1 GB) (Free:84.29 GB) NTFS

    \\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt =======================

     

  5. След сканиране с Malwarebytes - 

    Malwarebytes
    www.malwarebytes.com

    -Детайли за регистъра-
    Дата на сканиране: 23.07.20 г.
    Час на сканиране: 17:36
    Файл на регистъра: f1d5ee08-ccf1-11ea-816a-f4ce46ad0471.json

    -Информация за софтуера-
    Версия: 4.1.2.73
    Версия на компонентите: 1.0.976
    Актуализирай версията на пакета: 1.0.27281
    Лиценз: Free

    -Системна информация-
    OS: Windows 8.1
    CPU: x64
    Файлова система: NTFS
    Потребител: PAPA\\u00d0\u0092\u00d0\u0095\u00d0\u00a1\u00d0\u009a\u00d0\u009e

    -Резюме на сканирането-
    Тип сканиране: Сканиране за заплахи
    Сканирането е стартирано от: Ръчно
    Резултат: Завършено
    Сканирани обекти: 236694
    Открити заплахи: 17
    Заплахи под карантина: 17
    Изтекло време: 11 мин, 58 сек

    -Опции за сканиране-
    Памет: Разрешено
    Стартиране: Разрешено
    Файлова система: Разрешено
    Архиви: Разрешено
    руткитове: Разрешено
    Евристика: Разрешено
    PUP: Открий
    PUM: Открий

    -Детайли за сканирането-
    Процес: 0
    (Не бяха открити зловредни елементи)

    Модул: 0
    (Не бяха открити зловредни елементи)

    Ключ на регистъра: 0
    (Не бяха открити зловредни елементи)

    Стойност на регистъра: 0
    (Не бяха открити зловредни елементи)

    Данни на регистъра: 0
    (Не бяха открити зловредни елементи)

    Поток данни: 0
    (Не бяха открити зловредни елементи)

    Папка: 3
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , , 

    Файл: 14
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000093.ldb, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000096.ldb, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000099.ldb, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000101.log, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000102.ldb, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Под карантина, 203, 838273, , , , 
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame, 
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame, 
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame, 

    Физически сектор: 0
    (Не бяха открити зловредни елементи)

    WMI: 0
    (Не бяха открити зловредни елементи)


    (end)

  6. Здравейте , от 4 дена ми върви работа по поддръжката (прилагам снимки)- един път ги спрях и един път рестартирах лаптопа но след около два часа пак започна .Въпроса ми е защо продължава вече 4 дена?Screenshot_47.png.85cc724c1e89f165941aeb4f33a14f3c.pngScreenshot_48.png.8425918847d91268f65651cbcbe7929a.png

  7. Програмата зависна за около 30 мин. и след това изписа програмата не отговаря и се наложи да я стартирам наново

    # Run at 3.3.2020 'г.' 19:46:43
    # KpRm (Kernel-panik) version 2.8
    # Website https://kernel-panik.me/tool/kprm/
    # Run by ВЕСКО from C:\Users\ВЕСКО\Downloads
    # Computer Name: PAPA
    # OS: Windows 8.1 X64 (9600) 
    # Number of passes: 2

    - Checked options -

        ~ Registry Backup
        ~ Delete Tools
        ~ Restore System Settings
        ~ UAC Restore
        ~ Delete Restore Points
        ~ Create Restore Point
        ~ Delete Quarantines

    - Create Registry Backup -

       ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
       ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up

         [OK] Registry Backup: C:\KPRM\backup\2020-03-03-19-46-43

    - Delete Tools -


      ## ESET Online Scanner
         [OK] C:\Users\ВЕСКО\AppData\Local\ESET\ESETOnlineScanner deleted

      ## FRST
         [OK] C:\FRST deleted

    - Restore System Settings -

         [OK] Reset WinSock
         [OK] FLUSHDNS
         [OK] Hide Hidden file.
         [OK] Show Extensions for known file types
         [OK] Hide protected operating system files

    - Restore UAC -

         [OK] Set EnableLUA with default (1) value
         [OK] Set ConsentPromptBehaviorAdmin with default (5) value
         [OK] Set ConsentPromptBehaviorUser with default (3) value
         [OK] Set EnableInstallerDetection with default (0) value
         [OK] Set EnableSecureUIAPaths with default (1) value
         [OK] Set EnableUIADesktopToggle with default (0) value
         [OK] Set EnableVirtualization with default (1) value
         [OK] Set FilterAdministratorToken with default (0) value
         [OK] Set PromptOnSecureDesktop with default (1) value
         [OK] Set ValidateAdminCodeSignatures with default (0) value

    - Clear Restore Points -

       ~ [OK] RP named KpRm created at 03/03/2020 16:57:14 deleted
         [OK] All system restore points have been successfully deleted

    - Create Restore Point -

         [OK] System Restore Point created

    - Display System Restore Point -

       ~ RP named KpRm created at 03/03/2020 17:47:13

    -- KPRM finished in 90.42s --

  8. Програмата аз съм я инсталирал , позната ми е

    https://www.virustotal.com/gui/file/9e72384e18640eca6de036541b89747e739517687c536b3348fced709a1d849c/detection

    https://www.virustotal.com/gui/file/2b3bab861ea24115fa62a6873b16197dd8a8309183ec297bf8b8fc9473bc4d86/detection

    https://www.virustotal.com/gui/file/473c7991cfcc0660f19751dc5940939b3ca8f94e234c2bd996b5aa72880b1c19/detection

    3.3.2020 г. 17:54:29
    Сканирани файлове: 372010
    Открити файлове: 3
    Почистени файлове: 3
    Общо време на сканиране 02:43:51
    Състояние на сканиране: Готово


    C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\updates\7.10.5_45496.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистен чрез изтриване
    C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистен чрез изтриване
    C:\Users\ВЕСКО\Downloads\BitTorrent.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение,вариант на Win32/WebCompanion.B потенциално нежелано приложение    почистен чрез изтриване

     

     

  9. Здравейте , нямам оплаквания просто искам да направя профилактична проверка

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
    Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (02-03-2020 14:47:25)
    Running from C:\Users\ВЕСКО\Downloads
    Loaded Profiles: ВЕСКО (Available Profiles: ВЕСКО)
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avago Technologies U.S. Inc. -> LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\TrayPP.exe
    (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
    (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
    (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
    (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
    (SafeIP) [File not signed] C:\Program Files (x86)\SafeIP\SafeIPS.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
    HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-24] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-12] (Adobe Inc. -> Adobe)
    Task: {55DBABF8-7CBC-45AD-AA41-0CDE6FC314AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {5CB506C8-E8D6-4C56-AF40-B3D478C337CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
    Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
    Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
    Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)
    Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-12] (Adobe Inc. -> Adobe)
    Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9 16 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
    Winsock: Catalog9-x64 16 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-02-16 08:34:09&bName=
    SearchScopes: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}

    Chrome: 
    =======
    CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-03-02]
    CHR Notifications: Default -> hxxps://realniistorii.com
    CHR HomePage: Default -> hxxp://google.bg/
    CHR StartupUrls: Default -> "hxxps://www.google.bg/"
    CHR Extension: (Презентации) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10]
    CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-10]
    CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-10]
    CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10]
    CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-19]
    CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-10]
    CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-09]
    CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-10]
    CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-20]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI Corporation)
    S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-02-12] (Gameforge 4D GmbH -> )
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-11] (Malwarebytes Inc -> Malwarebytes)
    R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
    R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
    R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
    R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
    S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-03-02 14:47 - 2020-03-02 14:48 - 000011911 _____ C:\Users\ВЕСКО\Downloads\FRST.txt
    2020-03-02 14:47 - 2020-03-02 14:48 - 000000000 ____D C:\FRST
    2020-03-02 14:37 - 2020-03-02 14:38 - 002279424 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe
    2020-02-22 06:34 - 2020-02-22 06:35 - 000000000 ____D C:\Program Files\CCleaner
    2020-02-22 06:34 - 2020-02-22 06:34 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
    2020-02-22 06:34 - 2020-02-22 06:34 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
    2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\ProgramData\Desktop\CCleaner.lnk
    2020-02-22 06:34 - 2020-02-22 06:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2020-02-22 06:33 - 2020-02-22 06:34 - 024581800 _____ (Piriform Software Ltd) C:\Users\ВЕСКО\Downloads\cctrialsetup.exe
    2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\SysWOW64\SafeIPSOff.ini
    2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\system32\SafeIPSOff.ini
    2020-02-21 04:28 - 2020-02-21 04:28 - 000000995 _____ C:\Users\ВЕСКО\Desktop\SafeIP.lnk
    2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeIP
    2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\Program Files (x86)\SafeIP
    2020-02-21 04:28 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\SysWOW64\SafeIPs.dll
    2020-02-16 12:58 - 2020-02-16 12:58 - 000000000 ____D C:\Users\ВЕСКО\Downloads\Collection
    2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\WinRAR
    2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Program Files\WinRAR
    2020-02-16 12:46 - 2020-02-16 12:46 - 003205888 _____ (Alexander Roshal) C:\Users\ВЕСКО\Downloads\winrar-x64-580.exe
    2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\Users\Public\Documents\Steam
    2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\ProgramData\Documents\Steam
    2020-02-16 12:33 - 2020-02-16 12:33 - 000016499 _____ C:\Users\ВЕСКО\Downloads\Collection.torrent
    2020-02-16 12:21 - 2020-02-16 12:33 - 000000000 ____D C:\Windows\SysWOW64\directx
    2020-02-16 12:21 - 2020-02-16 12:21 - 000000000 ___HD C:\Windows\msdownld.tmp
    2020-02-16 11:45 - 2020-02-16 11:45 - 000000000 ____D C:\Users\ВЕСКО\Documents\Lightshot
    2020-02-16 11:43 - 2020-03-02 12:45 - 000000398 _____ C:\Windows\Tasks\update-sys.job
    2020-02-16 11:43 - 2020-03-02 11:07 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job
    2020-02-16 11:43 - 2020-02-16 11:43 - 000003268 _____ C:\Windows\system32\Tasks\update-sys
    2020-02-16 11:43 - 2020-02-16 11:43 - 000003246 _____ C:\Windows\system32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001
    2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ C:\Users\ВЕСКО\AppData\Local\UserProducts.xml
    2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
    2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\Program Files (x86)\Skillbrains
    2020-02-16 11:41 - 2020-02-16 11:41 - 002784344 _____ (Skillbrains ) C:\Users\ВЕСКО\Downloads\setup-lightshot.exe
    2020-02-16 11:00 - 2020-02-16 14:38 - 000000000 ____D C:\Games
    2020-02-16 10:32 - 2020-02-22 06:37 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\BitTorrent
    2020-02-16 10:32 - 2020-02-16 10:32 - 000000913 _____ C:\Users\ВЕСКО\Desktop\BitTorrent.lnk
    2020-02-16 10:32 - 2020-02-16 10:32 - 000000893 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2020-02-16 10:30 - 2020-02-16 10:31 - 005077120 _____ (BitTorrent Inc.) C:\Users\ВЕСКО\Downloads\BitTorrent.exe
    2020-02-16 10:29 - 2020-02-16 10:30 - 000018355 _____ C:\Users\ВЕСКО\Downloads\Euro Truck Simulator 2 v1.36.2.2s.torrent
    2020-02-16 09:56 - 2020-02-16 10:13 - 2092624032 _____ C:\Users\ВЕСКО\Downloads\EuroTruckSimulator2_1_28_1_3_patch.exe
    2020-02-14 17:23 - 2020-02-14 17:24 - 001018988 _____ C:\Users\ВЕСКО\Downloads\QTranslate.6.7.4.exe
    2020-02-09 11:43 - 2020-02-09 11:43 - 001031213 _____ C:\Users\ВЕСКО\Downloads\05.02.2020_Списък_на_подлежащите_на_запечатване_търговски_обекти_и_тяхното_местонахождение.pdf
    2020-02-09 07:55 - 2020-02-09 07:55 - 003045838 _____ C:\Users\ВЕСКО\Downloads\1dad5ad69c6d5c9593aff6de7ce2ae91.mp4
    2020-02-09 07:55 - 2020-02-09 07:55 - 002747301 _____ C:\Users\ВЕСКО\Downloads\b073f119aaf0f65be906afc679159766.mp4
    2020-02-09 07:54 - 2020-02-09 07:55 - 003781947 _____ C:\Users\ВЕСКО\Downloads\a4e3ac7ac21e72da14d0550abe14d173.mp4
    2020-02-07 19:31 - 2020-02-07 19:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-03-02 14:45 - 2019-08-10 22:00 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2076816696-1300689269-2899885506-1001
    2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\Users\Public\Desktop\Gameforge Client.url
    2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Gameforge Client.url
    2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Desktop\Gameforge Client.url
    2020-03-02 14:39 - 2019-12-01 14:43 - 000000000 ____D C:\Program Files (x86)\GameforgeClient
    2020-03-02 08:40 - 2019-08-10 22:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E-B02E-B8CE96343A01}
    2020-02-28 12:39 - 2019-08-10 22:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive
    2020-02-28 12:38 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-02-28 12:37 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
    2020-02-28 01:00 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
    2020-02-25 18:01 - 2020-01-04 20:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini
    2020-02-24 21:44 - 2019-08-10 22:13 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-02-22 06:37 - 2019-10-10 03:14 - 000000000 ____D C:\Windows\Minidump
    2020-02-22 06:37 - 2019-08-11 08:47 - 000000000 ____D C:\Windows\Panther
    2020-02-16 12:33 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-02-14 17:24 - 2020-01-15 20:02 - 000001047 _____ C:\Users\ВЕСКО\Desktop\QTranslate.lnk
    2020-02-12 04:05 - 2019-10-13 11:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-02-12 04:05 - 2019-10-13 11:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
    2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
    2020-02-05 02:36 - 2019-08-10 22:11 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-02-05 02:36 - 2019-08-10 22:11 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
    2020-02-01 06:12 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
    2020-02-01 03:03 - 2019-08-12 01:06 - 000000000 ____D C:\Users\ВЕСКО\AppData\LocalLow\Unity

    ==================== Files in the root of some directories ========

    2019-10-27 11:08 - 2019-10-27 11:08 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
    2019-10-27 11:08 - 2019-10-27 11:08 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2019-10-27 11:08 - 2019-10-27 11:08 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2019-10-27 11:08 - 2019-10-27 11:08 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
    2019-10-13 11:25 - 2019-10-13 11:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi
    2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt
    2019-10-27 11:08 - 2019-10-27 11:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt
    2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt
    2019-08-10 22:45 - 2019-12-12 16:42 - 000039733 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log
    2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt
    2020-02-16 11:43 - 2020-02-16 11:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log
    2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2020-02-28 01:00
    ==================== End of FRST.txt ========================

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
    Ran by ВЕСКО (02-03-2020 14:49:23)
    Running from C:\Users\ВЕСКО\Downloads
    Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled)
    Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled)
    ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
    BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
    Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.0.51.124 - Gameforge)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.122 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
    HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
    LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 5.22.0.2111 - LINE Corporation)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Metin2 ru-RU (HKLM-x32\...\{fab180a3-cd65-4b7e-bd0e-2ef77fd0c258.ru-RU}) (Version:  - Gameforge)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
    Plarium Play (HKLM-x32\...\{4EE55C89-1180-4702-86C0-0E999BF691FD}) (Version: 5.1.0 - Plarium) Hidden
    Plarium Play (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\{1077884f-6e6c-4848-8a7c-9dec58d99637}) (Version: 5.1.0 - Plarium)
    QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft)
    SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
    WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

    Packages:
    =========
    Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-08-11] (KiddoTest)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
    Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
    Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
    Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
    Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal)
    Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal)
    Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
    Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
    Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
    MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.322_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
    MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
    MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
    mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
    Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
    Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-08-11] (M1DF_Mmengesha)
    Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
    Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-08-11] (m1df_lucyll)
    TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-08-11] (vasetest101)
    Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.802.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
    Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
    Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.800.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2019-08-15 04:28 - 2015-08-03 08:54 - 000547328 _____ (SafeIP) [File not signed] C:\Windows\system32\SafeIPs64.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2019-12-06 18:21 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run: => "SynTPEnh"
    HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
    FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
    FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{A809C2BA-1C3A-4ECC-A381-6678FB2DAD54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    21-12-2019 21:54:55 Scheduled Checkpoint
    20-01-2020 02:26:46 Scheduled Checkpoint
    27-01-2020 03:35:29 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: 
    Description: 
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Fingerprint Sensor
    Description: Fingerprint Sensor
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (03/02/2020 06:15:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA)
    Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/02/2020 06:15:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program WWAHost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d24

    Start Time: 01d5f0493947cd5c

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\WWAHost.exe

    Report Id: 810a4bbc-5c3c-11ea-828f-002713343a56

    Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: Windows.Store

    Error: (03/02/2020 06:15:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA)
    Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time.

    Error: (02/28/2020 12:39:52 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (02/27/2020 04:18:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x0000000000000000
    Faulting process id: 0x1114
    Faulting application start time: 0x01d5ed78bd3cd471
    Faulting application path: C:\Windows\System32\skydrive.exe
    Faulting module path: unknown
    Report Id: fccfc0d4-596b-11ea-828e-002713343a56
    Faulting package full name: 
    Faulting package-relative application ID:

    Error: (02/26/2020 04:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x0000000000000000
    Faulting process id: 0x1614
    Faulting application start time: 0x01d5ecafd3283424
    Faulting application path: C:\Windows\System32\skydrive.exe
    Faulting module path: unknown
    Report Id: 134ef253-58a3-11ea-828e-002713343a56
    Faulting package full name: 
    Faulting package-relative application ID:

    Error: (02/26/2020 04:58:58 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (02/26/2020 04:58:51 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.


    System errors:
    =============
    Error: (02/27/2020 04:27:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
    {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.

    Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Услуга на Google Актуализация (gupdate) service to connect.

    Error: (02/27/2020 04:18:47 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (02/26/2020 04:21:21 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (02/25/2020 04:19:39 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (02/21/2020 04:23:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error: 
    An instance of the service is already running.

    Error: (02/21/2020 04:21:26 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2020-03-02 14:49:21.815
    Description: 
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKms.S!MTB&threatid=2147743496&enterprise=0
    Name: HackTool:BAT/AutoKms.S!MTB
    ID: 2147743496
    Severity: High
    Category: Tool
    Path: file:_C:\Users\ВЕСКО\Documents\windows8.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Users\ВЕСКО\Downloads\FRST64.exe
    Signature Version: AV: 1.311.394.0, AS: 1.311.394.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.16800.2, NIS: 2.1.14600.4

    Date: 2020-02-24 16:49:50.613
    Description: 
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
    Name: Program:Win32/Vigram.A
    ID: 232718
    Severity: Severe
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.309.1602.0, AS: 1.309.1602.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

    Date: 2020-02-21 04:27:22.929
    Description: 
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
    Name: Program:Win32/Vigram.A
    ID: 232718
    Severity: Severe
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe;file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

    Date: 2020-02-21 04:27:20.517
    Description: 
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
    Name: Program:Win32/Vigram.A
    ID: 232718
    Severity: Severe
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

    Date: 2020-02-21 04:24:18.037
    Description: 
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
    Name: Program:Win32/Vigram.A
    ID: 232718
    Severity: Severe
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

    Date: 2020-03-02 12:48:53.550
    Description: 
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.311.300.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

    Date: 2020-02-29 12:48:53.098
    Description: 
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.311.96.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

    Date: 2020-02-27 16:25:58.491
    Description: 
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.311.51.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

    Date: 2020-02-26 02:54:12.140
    Description: 
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.309.1602.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

    Date: 2020-02-24 16:32:59.871
    Description: 
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.309.1475.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

    CodeIntegrity:
    ===================================

    Date: 2020-03-02 14:42:10.317
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2020-03-02 14:42:09.709
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-01 14:45:58.203
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-12-01 14:45:57.468
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-10-27 11:05:31.653
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-10-27 11:05:30.955
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-10-15 17:13:52.723
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-10-15 17:13:51.566
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info =========================== 

    BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011
    Motherboard: Hewlett-Packard 30DB
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3000.26 MB
    Available physical RAM: 1289.71 MB
    Total Virtual: 7000.26 MB
    Available Virtual: 5244.19 MB

    ==================== Drives ================================

    Drive 😄 () (Fixed) (Total:365.12 GB) (Free:324.76 GB) NTFS
    Drive e: () (Fixed) (Total:100.1 GB) (Free:80.41 GB) NTFS

    \\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt =======================

  10. # Run at 4.8.2019 'г.' 20:29:45
    # KpRm (Kernel-panik) version 1.7.3
    # Website https://kernel-panik.me/tool/kprm/
    # Run by Beco from C:\Users\Beco\Downloads
    # Computer Name: BECO-PC
    # OS: Windows 10 X86 (18362) 

    - Create Registry Backup -

      [OK] Registry Backup: C:\KPRM\backup\2019-08-04-20-29

    - Search Tools -


      ## AdwCleaner
         [OK] C:\Users\Beco\Downloads\adwcleaner_7.1.1.exe deleted (1)
         [OK] C:\AdwCleaner deleted (1)

      ## ESET Online Scanner
         [OK] HKLM\SOFTWARE\ESET\ESET Online Scanner deleted (1)

      ## FRST
         [OK] C:\Users\Beco\Downloads\Addition.txt deleted (1)
         [OK] C:\Users\Beco\Downloads\Addition_04-08-2019 17.09.48.txt deleted (1)
         [OK] C:\Users\Beco\Downloads\Fixlog.txt deleted (1)
         [OK] C:\Users\Beco\Downloads\FRST.exe deleted (1)
         [OK] C:\Users\Beco\Downloads\FRST.txt deleted (1)
         [OK] C:\FRST deleted (1)

      ## SecurityCheck
         [OK] C:\Users\Beco\Downloads\SecurityCheck.exe deleted (1)

    - Restore Default System Settings -

      [OK] Flush DNS
      [OK] Reset WinSock
      [OK] Hide Hidden file.
      [OK] Show Extensions for known file types
      [OK] Hide protected operating system files

    - Restore UAC Default Value -

      [OK] Set ConsentPromptBehaviorAdmin with default (5) value
      [OK] Set ConsentPromptBehaviorUser with default (3) value
      [OK] Set EnableInstallerDetection with default (0) value
      [OK] Set EnableLUA with default (1) value
      [OK] Set EnableSecureUIAPaths with default (1) value
      [OK] Set EnableUIADesktopToggle with default (0) value
      [OK] Set EnableVirtualization with default (1) value
      [OK] Set FilterAdministratorToken with default (0) value
      [OK] Set PromptOnSecureDesktop with default (1) value
      [OK] Set ValidateAdminCodeSignatures with default (0) value

    - Clear All System Restore Points -

        ~ [OK] RP named Windows Update created at 08/01/2019 10:54:17 deleted
        ~ [OK] RP named Driver Booster : Microsoft ACPI-Compliant Control Method Battery created at 08/03/2019 15:20:34 deleted

      [OK] All system restore points have been successfully deleted

    - Create New System Restore Point -

      [OK] Enable System Restore
      [OK] System Restore Point created

    - Display All System Restore Point -

        ~ RP named KpRm created at 08/04/2019 17:31:23 found
     

  11. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-08-2019
    Ran by Beco (administrator) on BECO-PC (Hewlett-Packard HP EliteBook 6930p) (04-08-2019 19:42:13)
    Running from C:\Users\Beco\Downloads
    Loaded Profiles: Beco (Available Profiles: Beco)
    Platform: Microsoft Windows 10 Pro Version 1903 18362.267 (X86) Language: Английски (Съединени щати)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPMSGSVC.exe
    (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPWMISVC.exe
    (HP Inc. -> HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (LSI Corporation -> LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [349240 2010-01-11] (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HPMessageService] => C:\Program Files\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-26] (Hewlett-Packard Company -> HP Inc.)
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\76.0.3809.87\Installer\chrmstp.exe [2019-08-01] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {007EB50E-306C-4243-A051-E9CD96BD6478} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {02368336-6FC1-4641-AC1C-AF3E2FBAFA41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [243576 2019-07-23] (HP Inc. -> HP Inc.)
    Task: {09CD826E-432A-424E-9075-D474750087E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.)
    Task: {0AC7D9DD-906E-4B7B-847E-273A28E54C7F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0CD5E731-3C97-48A0-89D3-4BE6DE9D3197} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.)
    Task: {10F238F1-61B3-4FF4-B5F0-8DDC8322392A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {1B3EB7B5-BC28-4B91-AE3A-F9EED593562F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [137592 2019-06-12] (HP Inc. -> HP Inc.)
    Task: {1ECBFDA8-5C75-484C-9609-D69F88A27FC2} - System32\Tasks\{C5F4DFD8-894D-40BF-9817-EDD70197CF73} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\LeagueOfAngels3-gtarcade-5c84c94d5b7d1.exe -d C:\Users\Beco\Downloads
    Task: {2237D89C-8BA2-4D66-8621-5F8040BA7EE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.)
    Task: {23C30DE0-3363-4410-9EB8-2B31B3D0ECEE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {25AB2260-9353-403C-90EC-CC7BD098D295} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {2BDBC731-7714-481B-B2BC-27EC77EACFFB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
    Task: {36942695-8A2A-42ED-A030-4B8E54984C38} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
    Task: {36FF84BD-F80B-4AC0-A3CD-CEA552F511CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {3B8B0FF6-5976-4CD4-868A-6EFD55AC20EE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3CC255DE-9A77-4339-B257-97BEED1F30CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3D8A7ED4-7E07-4834-9592-460518EE157F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {43CBF981-9207-415B-A43F-EA808D674483} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {5286E90C-81E4-4622-9F35-2E63C86A789E} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17307864 2019-07-31] (Goversoft LLC -> Goversoft LLC)
    Task: {5CCA8EB2-1044-43C2-83EF-14AFD88A23FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {6247CC29-3BAC-4EB6-AD0A-8D6CF73982B7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6927372A-A3E3-4697-84F8-4492DE198CAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {70D1EB0E-4134-4D8A-B28B-71D12D891637} - System32\Tasks\{55AAC5B5-BEF5-4E5F-BF9A-95DAFA22D058} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\SharewareOnSale_Giveaway_IObit_Uninstaller_8_PRO_hub.exe -d C:\Users\Beco\Downloads
    Task: {70D4EC4B-4DC4-4743-8A18-19650406D2DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {76A1CED5-E44E-41BC-88E4-53FFAC64AC3F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7DF081FE-AF3E-4B1F-A713-015169C165F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {7E391591-2447-4B71-8C46-9F851D3C62B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8573BFA5-38FD-40AC-9800-8EC04403FFEC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {863D0715-8EC5-4308-B25B-A1A49453A5E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
    Task: {9E9DB093-650D-4AC1-AE74-EFF09DAA28AF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {A00C8D46-8534-4496-96EE-C950CC0D41C6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {A37D69BB-3628-4340-9743-AC2FA5585724} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {B265CC37-CE62-4823-8496-5957A29C4EED} - System32\Tasks\HPCeeScheduleForBeco => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2019-05-17] (HP Inc. -> HP Inc.)
    Task: {B9FB55F4-5977-4236-9F75-7569B987B420} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {BB75632B-EC31-4185-A0E7-CE9618974674} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {BC00F4DF-2168-4200-B664-82D78875D451} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {BE834CB4-A940-4395-A30D-42B461E75614} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C118C4DD-2CC4-42CB-BA9E-FA5E7EE07C24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C8C95506-2926-45B9-B2BC-6D645180D789} - System32\Tasks\{B4FF3079-1C8A-4E12-8782-220F860F7F4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\EraOfCelestials-gtarcade-5c839784bff81.exe -d C:\Users\Beco\Downloads
    Task: {CB047417-746E-40BA-902A-815AC8FA6C7D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D3D93664-7AD4-4496-BF89-348597AE5BC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D83BAE58-18BB-4010-9F0E-054149DAE465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.)
    Task: {D988B398-1B45-483C-AA40-86B6646D65A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)
    Task: {DB531726-7852-4C5C-8C8E-7E643191E42A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E0E8C45C-FE64-4087-8E0C-2193CDC81717} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E7356B7D-5DD6-4890-B4AF-6B1E94A3EF8F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Beco\Downloads\esetonlinescanner_enu.exe [7969304 2019-08-04] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
    Task: {EC15E52E-DA43-4DCC-A275-1158D0C511BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F153981F-F55F-4D98-B828-A6E1A197FAF3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FF8FD040-EFED-4F3F-B025-E7200A94FA01} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{338C8A04-E5A4-41C0-A592-06F731151E59}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{50FBF5F3-CB8C-4AC9-A764-9C2251E7FE43}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c92b2e9a-dca7-4503-a7ab-bc7c831445cd}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{f048b2a6-1866-46e6-b7f4-e6a65c07e85b}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================

    Edge: 
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-2920239448-2505446405-2311763162-1001 -> hxxp://google.bg/

    FireFox:
    ========
    FF DefaultProfile: oytl87x0.default
    FF ProfilePath: C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default [2019-07-16]
    FF user.js: detected! => C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
    FF Homepage: K-Meleon\oytl87x0.default -> google.bg
    FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://google.bg/
    CHR StartupUrls: Default -> "hxxps://www.google.bg/"
    CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default [2019-08-04]
    CHR Extension: (Презентации) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24]
    CHR Extension: (Документи) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24]
    CHR Extension: (Google Диск) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-05]
    CHR Extension: (YouTube) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-05]
    CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-02]
    CHR Extension: (Таблици) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24]
    CHR Extension: (Google Документи офлайн) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-24]
    CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-07-29]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-24]
    CHR Extension: (Gmail) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01]
    CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-04]
    CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-04]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [90112 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation -> LSI Corporation)
    S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.)
    R2 HPWMISVC; C:\Program Files\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (Hewlett-Packard Company -> HP Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3735832 2019-08-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [304680 2018-05-22] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [1879960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [82984 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [37696 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 ADIHdAudAddService; C:\WINDOWS\system32\drivers\ADIHdAud.sys [381440 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
    R3 AgereSoftModem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [1163328 2010-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
    S3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [199608 2019-02-20] (BayHub Technology Inc. -> BayHubTech/O2Micro )
    R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [47504 2019-08-03] (IVT CORPORATION -> IVT Corporation.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-05-31] (Malwarebytes Corporation -> Malwarebytes)
    R3 HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [15544 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [27968 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [15872 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
    R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2019-01-06] (Martin Malik - REALiX -> REALiX(tm))
    S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [106144 2019-01-11] (Malwarebytes Corporation -> Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\System32\DRIVERS\mbam.sys [63760 2019-01-11] (Malwarebytes Corporation -> Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\System32\DRIVERS\mwac.sys [83648 2019-01-12] (Malwarebytes Corporation -> Malwarebytes)
    R1 MEmuDrv; C:\WINDOWS\System32\DRIVERS\MEmuDrv.sys [257512 2019-03-14] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
    R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [18448 2019-08-03] (Microsoft Windows Hardware Compatibility Publisher -> NEC Personal Computers, Ltd.)
    S3 NETw5s32; C:\WINDOWS\System32\DRIVERS\NETw5s32.sys [6755840 2010-01-13] (Intel Corporation) [File not signed]
    R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7530736 2019-01-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
    R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmptsk.sys [48128 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
    R3 rismc32; C:\WINDOWS\system32\DRIVERS\rismc32.sys [49152 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2019-08-04] (Adlice -> )
    S3 vjoy; C:\WINDOWS\System32\DRIVERS\vjoy.sys [50224 2016-02-03] (Shaul Eizikovich -> Shaul Eizikovich)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38280 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [269024 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [39136 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-04 19:18 - 2019-08-04 19:19 - 000000000 ____D C:\AdwCleaner
    2019-08-04 19:18 - 2019-08-04 19:18 - 007277776 _____ (Malwarebytes) C:\Users\Beco\Downloads\adwcleaner_7.1.1.exe
    2019-08-04 18:54 - 2019-08-04 18:54 - 000000000 ____D C:\SecurityCheck
    2019-08-04 18:53 - 2019-08-04 18:53 - 000528638 _____ (glax24 (safezone.cc)) C:\Users\Beco\Downloads\SecurityCheck.exe
    2019-08-04 18:21 - 2019-08-04 18:21 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2019-08-04 18:16 - 2019-08-04 18:19 - 000007694 _____ C:\Users\Beco\Downloads\Fixlog.txt
    2019-08-04 17:49 - 2019-08-04 17:49 - 000029543 _____ C:\Users\Beco\Downloads\Addition_04-08-2019 17.09.48.txt
    2019-08-04 17:07 - 2019-08-04 18:34 - 000025876 _____ C:\Users\Beco\Downloads\Addition.txt
    2019-08-04 17:04 - 2019-08-04 19:43 - 000023644 _____ C:\Users\Beco\Downloads\FRST.txt
    2019-08-04 17:02 - 2019-08-04 19:42 - 000000000 ____D C:\FRST
    2019-08-04 17:01 - 2019-08-04 17:01 - 001447936 _____ (Farbar) C:\Users\Beco\Downloads\FRST.exe
    2019-08-04 16:54 - 2019-08-04 16:54 - 000000299 _____ C:\Users\Beco\Documents\zemana.txt
    2019-08-04 16:51 - 2019-08-04 18:11 - 001496275 _____ C:\WINDOWS\ZAM.krnl.trace
    2019-08-04 16:51 - 2019-08-04 16:51 - 000000000 ____D C:\Users\Beco\AppData\Local\Zemana
    2019-08-04 16:50 - 2019-08-04 18:11 - 000000000 ____D C:\Users\Beco\AppData\Local\AMSDK
    2019-08-04 16:50 - 2019-08-04 16:50 - 012664512 _____ (Zemana Ltd. ) C:\Users\Beco\Downloads\AntiMalware_Setup.exe
    2019-08-04 16:45 - 2019-08-04 16:45 - 000000078 _____ C:\Users\Beco\Downloads\137bdc50b1.json
    2019-08-04 15:45 - 2019-08-04 15:45 - 000008066 _____ C:\Users\Beco\Documents\Rogue killer.txt
    2019-08-04 15:19 - 2019-08-04 15:19 - 000024688 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-08-04 15:17 - 2019-08-04 15:17 - 030667800 _____ (Adlice Software ) C:\Users\Beco\Downloads\RogueKiller_setup.exe
    2019-08-04 15:09 - 2019-08-04 15:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2019-08-04 13:11 - 2019-08-04 13:12 - 000001894 _____ C:\Users\Beco\Desktop\Rkill.txt
    2019-08-04 13:10 - 2019-08-04 13:10 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Beco\Downloads\rkill-unsigned.exe
    2019-08-04 12:29 - 2019-08-04 14:00 - 000000681 _____ C:\Users\Beco\Desktop\ESET Online Scanner.lnk
    2019-08-04 12:29 - 2019-08-04 12:29 - 000000780 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
    2019-08-04 12:29 - 2019-08-04 12:29 - 000000000 ____D C:\Users\Beco\AppData\Local\ESET
    2019-08-04 12:28 - 2019-08-04 12:29 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Beco\Downloads\esetonlinescanner_enu.exe
    2019-08-04 11:17 - 2019-08-04 15:19 - 001146190 _____ C:\WINDOWS\ntbtlog.txt
    2019-08-04 09:57 - 2019-08-04 09:57 - 000002856 _____ C:\Users\Beco\Unigine_Heaven_Benchmark_4.0_20190804_0957.html
    2019-08-04 09:49 - 2019-08-04 09:59 - 000000000 ____D C:\Users\Beco\Heaven
    2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ C:\Users\Beco\AppData\Local\file__0.localstorage
    2019-08-04 09:25 - 2019-08-04 10:14 - 000002217 _____ C:\Users\Beco\Desktop\Plarium Play.lnk
    2019-08-04 09:13 - 2019-08-04 09:13 - 001159992 _____ (Plarium) C:\Users\Beco\Downloads\PlariumPlaySetup (1).exe
    2019-08-03 18:21 - 2019-08-03 18:21 - 000047504 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\btcusb.sys
    2019-08-03 18:21 - 2019-08-03 18:21 - 000018448 _____ (NEC Personal Computers, Ltd.) C:\WINDOWS\system32\Drivers\necbatt.sys
    2019-08-01 13:55 - 2019-05-31 06:13 - 000835688 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe
    2019-08-01 13:55 - 2019-05-31 06:13 - 000179816 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2019-08-01 09:04 - 2019-08-01 09:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2019-08-01 08:59 - 2019-08-01 08:59 - 000000020 ___SH C:\Users\Beco\ntuser.ini
    2019-08-01 08:57 - 2019-08-04 19:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagwrn.xml
    2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagerr.xml
    2019-08-01 08:53 - 2019-08-04 19:27 - 000912284 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-08-01 08:40 - 2019-08-01 08:40 - 000000000 ____D C:\ProgramData\USOShared
    2019-08-01 08:36 - 2019-08-04 14:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-08-01 08:36 - 2019-08-01 09:37 - 000264440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-08-01 08:03 - 2019-08-01 19:35 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2019-08-01 08:03 - 2019-08-01 08:03 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
    2019-08-01 08:02 - 2019-08-04 11:32 - 000000000 ____D C:\Users\Beco
    2019-08-01 08:02 - 2019-03-19 05:41 - 000001105 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-08-01 08:01 - 2019-08-01 08:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2019-08-01 07:50 - 2019-08-01 07:50 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001652536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001106288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2019-08-01 07:50 - 2019-08-01 07:50 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2019-08-01 07:50 - 2019-08-01 07:50 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2019-08-01 07:50 - 2019-08-01 07:50 - 000650552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2019-08-01 07:50 - 2019-08-01 07:50 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000418816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000075480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
    2019-08-01 07:50 - 2019-08-01 07:50 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 006515592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 005753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 002863104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2019-08-01 07:49 - 2019-08-01 07:49 - 002398720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 002040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001783808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001612600 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001505080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001501496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001297720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001251640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001219072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001102648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000995800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000916280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000826680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000769336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000733136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000625464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000566072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000522552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000478520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000446224 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbde40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000363832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000319376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000279864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000258056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000249656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msltus40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000213776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2019-08-01 07:49 - 2019-08-01 07:49 - 000183096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Gpu.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000152888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000111416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000091960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000086528 _____ C:\WINDOWS\system32\ResBParser.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000058825 _____ C:\WINDOWS\system32\srms.dat
    2019-08-01 07:49 - 2019-08-01 07:49 - 000054792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000021816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 007067448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 003120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002991104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002777600 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002712072 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 002586608 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002245432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 002204472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 002074224 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001611416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001468728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001392968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-08-01 07:48 - 2019-08-01 07:48 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001111992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-08-01 07:48 - 2019-08-01 07:48 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000980792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000811160 _____ C:\WINDOWS\system32\locale.nls
    2019-08-01 07:48 - 2019-08-01 07:48 - 000772656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000700912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000699304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000636696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000602640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000588256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000588088 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000554720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000553144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000540680 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000500992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000478800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000441584 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000440256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000398648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000389432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000385808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000374800 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000361784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000331064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2019-08-01 07:48 - 2019-08-01 07:48 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000309048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000301880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000277520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000265744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000206136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000199176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000161592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000142856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000136504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000135000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000134760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000108048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000098592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000066872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000061448 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds_ps.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000039224 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000033592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL
    2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKOR.DLL
    2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 006070920 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 004679168 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 003042816 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001893888 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001537624 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001334064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001123840 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000800048 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000777528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000773680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2019-08-01 07:47 - 2019-08-01 07:47 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2019-08-01 07:47 - 2019-08-01 07:47 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000602224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000531464 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\webauthn.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2019-08-01 07:47 - 2019-08-01 07:47 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000283472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000187920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000149512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000149304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000091664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000090128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\coloradapterclient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000028672 _____ C:\WINDOWS\system32\usocoreps.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 014814208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 005087744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 004867400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 004572016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 003915536 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 003735264 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002763576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 002600960 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002373120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002200576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002066944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001912576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001881400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001531992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001452032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001432064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001331976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001154960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001097528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001086464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 001063944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000889888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000690488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000564240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000550200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000506232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000425488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2019-08-01 07:46 - 2019-08-01 07:46 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2019-08-01 07:46 - 2019-08-01 07:46 - 000414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000400232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000375512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000336928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000321848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000284176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000268216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000245544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000235536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000222008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000191288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000166712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000159544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000156472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000140304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000134424 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000103224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000096208 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000095184 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2019-08-01 07:46 - 2019-08-01 07:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000047928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000045384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000042792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
    2019-08-01 07:46 - 2019-08-01 07:46 - 000023736 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000016696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
    2019-08-01 07:45 - 2019-08-01 07:45 - 000603448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000244712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys
    2019-08-01 07:29 - 2019-08-01 07:29 - 000000000 ____D C:\WINDOWS\system32\bg
    2019-08-01 07:23 - 2019-08-01 07:23 - 004164608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0002.dll
    2019-08-01 07:23 - 2019-08-01 07:23 - 001875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll
    2019-08-01 07:23 - 2019-08-01 07:23 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0002.dll
    2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\msmq
    2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\BestPractices
    2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\inetpub
    2019-08-01 07:22 - 2019-08-01 07:22 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2019-08-01 07:22 - 2019-08-01 07:22 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2019-08-01 07:22 - 2019-08-01 07:22 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\Reference Assemblies
    2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\MSBuild
    2019-08-01 07:20 - 2019-08-01 07:20 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
    2019-08-01 07:20 - 2019-08-01 07:20 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
    2019-08-01 07:20 - 2019-08-01 07:20 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
    2019-08-01 07:15 - 2019-08-01 07:15 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
    2019-08-01 07:08 - 2019-08-01 07:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2019-08-01 04:44 - 2019-08-01 08:59 - 000000000 ___DC C:\WINDOWS\Panther
    2019-07-31 19:53 - 2019-07-31 19:53 - 025776848 _____ (Goversoft LLC) C:\Users\Beco\Downloads\PrivaZer_free (2).exe
    2019-07-31 15:21 - 2019-07-31 15:23 - 000000000 ____D C:\Users\Beco\Documents\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c
    2019-07-31 10:46 - 2019-07-31 10:46 - 000000000 ____D C:\ProgramData\Thunder Network
    2019-07-31 10:45 - 2019-08-01 10:06 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
    2019-07-31 10:45 - 2019-07-31 10:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Xiaomi
    2019-07-31 10:42 - 2019-08-04 11:02 - 000000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job
    2019-07-31 10:18 - 2019-07-31 10:34 - 1390856692 _____ C:\Users\Beco\Downloads\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c.tgz
    2019-07-29 11:31 - 2019-07-29 11:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2019-07-28 09:45 - 2019-07-28 09:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\AndroidTbox
    2019-07-28 09:36 - 2019-07-28 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
    2019-07-28 09:35 - 2019-07-28 09:35 - 000000000 ____D C:\Temp
    2019-07-21 16:47 - 2019-07-21 16:47 - 004196408 _____ C:\Users\Beco\Downloads\2019-07-10_16-29-20.861.bmp
    2019-07-18 17:34 - 2019-07-31 19:53 - 000000000 ____D C:\Program Files\PrivaZer
    2019-07-11 13:08 - 2019-07-11 13:22 - 000000775 _____ C:\Users\Beco\Documents\new tournament.txt
    2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.QtWebEngineProcess
    2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.LINE
    2019-07-07 11:09 - 2019-07-07 11:09 - 000000000 ____D C:\Users\Beco\AppData\Local\HP_Inc
    2019-07-07 11:05 - 2019-08-01 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2019-07-07 11:05 - 2019-07-07 11:05 - 000002262 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
    2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Hewlett-Packard
    2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Local\Hewlett-Packard
    2019-07-07 10:44 - 2019-07-07 10:45 - 039926088 _____ (Hewlett Packard ) C:\Users\Beco\Downloads\sp54177.exe
    2019-07-07 10:37 - 2019-07-07 11:04 - 000000000 ____D C:\ProgramData\Hewlett-Packard
    2019-07-07 10:37 - 2019-07-07 10:37 - 000000000 ____D C:\Users\Beco\AppData\Local\HP
    2019-07-07 10:36 - 2019-07-07 10:36 - 003510048 _____ (Oleg N. Scherbakov) C:\Users\Beco\Downloads\HPSupportSolutionsFramework-12.11.24.11.exe

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-04 19:36 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-08-04 19:27 - 2019-03-19 05:44 - 000000000 ____D C:\WINDOWS\INF
    2019-08-04 19:20 - 2019-03-19 05:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2019-08-04 19:19 - 2019-01-06 19:32 - 000000000 ____D C:\Program Files\Common Files\IObit
    2019-08-04 19:19 - 2019-01-06 07:53 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\IObit
    2019-08-04 19:19 - 2019-01-06 07:53 - 000000000 ____D C:\Program Files\IObit
    2019-08-04 19:19 - 2019-01-06 07:52 - 000000000 ____D C:\Users\Beco\AppData\Roaming\IObit
    2019-08-04 19:19 - 2019-01-06 07:52 - 000000000 ____D C:\ProgramData\IObit
    2019-08-04 19:17 - 2019-04-13 13:26 - 000000000 ____D C:\Users\Beco\AppData\Local\Unity
    2019-08-04 19:17 - 2019-01-06 10:16 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\Unity
    2019-08-04 18:26 - 2019-01-06 07:56 - 000000000 ____D C:\ProgramData\ProductData
    2019-08-04 18:17 - 2009-07-14 05:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2019-08-04 18:14 - 2019-01-06 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-08-04 16:43 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\System
    2019-08-04 16:43 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-08-04 10:14 - 2019-04-13 12:35 - 000002131 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Plarium Play.lnk
    2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Plarium
    2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Package Cache
    2019-08-04 07:29 - 2019-03-19 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-08-03 23:50 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-08-02 04:34 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\appcompat
    2019-08-01 19:35 - 2019-06-19 04:27 - 000000000 ____D C:\Program Files\UNP
    2019-08-01 19:35 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
    2019-08-01 19:35 - 2019-04-03 05:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX H.264 decoder
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\spool
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\IME
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ServiceState
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\schemas
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\Registration
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2019-08-01 19:35 - 2019-03-19 05:43 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2019-08-01 19:35 - 2019-02-24 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2019-08-01 19:35 - 2019-01-06 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8K Player
    2019-08-01 19:35 - 2019-01-06 07:51 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
    2019-08-01 19:35 - 2019-01-05 21:52 - 000000000 ____D C:\Program Files\Intel
    2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2019-08-01 15:17 - 2019-04-19 19:53 - 000000000 ____D C:\Users\Beco\AppData\Local\Packages
    2019-08-01 10:28 - 2019-02-24 13:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-08-01 10:28 - 2019-02-24 13:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-08-01 09:18 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 ___RD C:\Users\Beco\3D Objects
    2019-08-01 08:59 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\USOPrivate
    2019-08-01 08:58 - 2019-03-19 05:35 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-08-01 08:57 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Windows Defender
    2019-08-01 08:40 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
    2019-08-01 08:40 - 2019-01-05 22:05 - 000000000 ____D C:\Program Files\LSI SoftModem
    2019-08-01 08:39 - 2019-01-05 22:00 - 000000000 ____D C:\WINDOWS\QLB
    2019-08-01 08:32 - 2019-03-19 05:49 - 000000000 ____D C:\WINDOWS\Setup
    2019-08-01 08:16 - 2019-03-19 05:46 - 000000000 __RHD C:\Users\Public\Libraries
    2019-08-01 08:03 - 2019-04-13 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2019-08-01 08:03 - 2019-01-12 14:52 - 000000000 ____D C:\Program Files\Synaptics
    2019-08-01 08:03 - 2019-01-06 07:59 - 000000000 ____D C:\Program Files\AuthenTec
    2019-08-01 08:03 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Microsoft Games
    2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ___SD C:\WINDOWS\system32\AppV
    2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\TextInput
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\SystemResources
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellComponents
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-08-01 07:29 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2019-08-01 07:29 - 2019-03-19 06:38 - 000000000 ____D C:\WINDOWS\system32\WCN
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\IME
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\System
    2019-08-01 07:29 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\servicing
    2019-08-01 07:23 - 2019-03-19 06:39 - 000000000 ____D C:\WINDOWS\OCR
    2019-08-01 07:23 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2019-08-01 04:23 - 2019-01-05 20:39 - 000000000 ____D C:\Users\Beco\AppData\Local\ElevatedDiagnostics
    2019-07-31 20:16 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Local\PrivaZer
    2019-07-31 20:01 - 2019-04-18 03:25 - 000000000 ____D C:\Users\Beco\AppData\Local\CrashDumps
    2019-07-31 19:53 - 2019-06-02 18:07 - 000001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
    2019-07-31 19:53 - 2019-06-02 18:07 - 000001904 _____ C:\Users\Public\Desktop\PrivaZer.lnk
    2019-07-26 16:30 - 2019-04-19 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-07-11 12:23 - 2019-01-05 19:50 - 000000000 ____D C:\Users\Beco\AppData\Local\VirtualStore
    2019-07-11 12:21 - 2019-04-19 20:32 - 000000000 ____D C:\ProgramData\Packages
    2019-07-11 12:21 - 2019-04-19 20:02 - 000000000 ____D C:\Users\Beco\AppData\Local\PlaceholderTileLogoFolder
    2019-07-11 05:03 - 2019-04-19 21:24 - 000000000 ___RD C:\Users\Beco\OneDrive
    2019-07-10 19:32 - 2019-01-05 21:56 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-07-10 19:26 - 2019-01-05 21:56 - 133475400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-07-10 12:28 - 2019-01-05 20:17 - 000606264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2019-07-07 11:05 - 2019-01-05 22:00 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
    2019-07-07 11:04 - 2019-05-04 17:11 - 000000000 ____D C:\Program Files\HP
    2019-07-07 11:04 - 2019-04-19 19:43 - 000000000 ____D C:\Users\Beco\AppData\Roaming\hpqLog
    2019-07-07 11:04 - 2019-01-05 22:00 - 000000000 ____D C:\Program Files\Hewlett-Packard
    2019-07-07 10:45 - 2019-05-04 17:09 - 000000000 ____D C:\SWSetup

    ==================== Files in the root of some directories ================

    2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ () C:\Users\Beco\AppData\Local\file__0.localstorage
    2019-08-04 09:14 - 2019-08-04 10:14 - 000061590 _____ () C:\Users\Beco\AppData\Local\PlariumPlay.log
    2019-01-05 22:44 - 2019-01-05 22:44 - 000000000 _____ () C:\Users\Beco\AppData\Local\QSwitch.txt
    2019-01-26 19:23 - 2019-01-26 19:23 - 000007605 _____ () C:\Users\Beco\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-08-2019
    Ran by Beco (04-08-2019 19:44:51)
    Running from C:\Users\Beco\Downloads
    Microsoft Windows 10 Pro Version 1903 18362.267 (X86) (2019-08-01 05:59:11)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2920239448-2505446405-2311763162-500 - Administrator - Disabled)
    Beco (S-1-5-21-2920239448-2505446405-2311763162-1001 - Administrator - Enabled) => C:\Users\Beco
    DefaultAccount (S-1-5-21-2920239448-2505446405-2311763162-503 - Limited - Disabled)
    Guest (S-1-5-21-2920239448-2505446405-2311763162-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2920239448-2505446405-2311763162-1002 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-2920239448-2505446405-2311763162-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    8K Player version 4.4.0 (HKLM\...\842F0D80-2EC4-4903-9798-714D9927DCA1_is1) (Version: 4.4.0 - DimoSoft, Inc.)
    Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
    Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
    DivX H.264 decoder 8.2.0.26 (HKLM\...\divxh264_is1) (Version: 8.2.0.26 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 76.0.3809.87 - Google LLC)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM\...\{A2926515-9BCE-4785-AFAD-98233D52C3AE}) (Version: 12.11.27.1 - HP Inc.)
    HP System Event Utility (HKLM\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
    K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Plarium Play (HKLM\...\{12D4088C-8ED7-4218-B9FF-10E8FA3D7B57}) (Version: 3.1.0.0 - Plarium) Hidden
    Plarium Play (HKLM\...\{FBD9CDDD-13B0-406B-BDFA-79703D34C153}) (Version: 3.1.0 - Plarium) Hidden
    Plarium Play (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\{b06aff34-801f-46e9-9690-9d16b8f33092}) (Version: 3.1.0 - Plarium)
    PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.75.0 - Goversoft LLC)
    QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    Skype, версия 8.45 (HKLM\...\Skype_is1) (Version: 8.45 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
    WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

    Packages:
    =========
    LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_5.18.2.0_x86__8ptj331gd3tyt [2019-07-31] (LINE Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-19] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x86__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
    Torrex Lite - Torrent Downloader -> C:\Program Files\WindowsApps\BooStudioLLC.TorrexLite-TorrentDownloader_1.3.97.0_x86__b6e429xa66pga [2019-06-21] (Finebits OÜ) [MS Ad]
    Добавка за „Снимки“ -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x86__8wekyb3d8bbwe [2019-04-20] (Microsoft Corporation)
    Поща и календар -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x86__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer\Деинсталирай Privazer.lnk -> C:\Program Files\PrivaZer\privazer_remover.exe (Goversoft LLC) <==== Cyrillic
    Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic

    ==================== Loaded Modules (Whitelisted) ==============


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKCU\Environment\\Path -> ;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\Control Panel\Desktop\\Wallpaper -> c:\users\beco\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\diy.jpg
    DNS Servers: 192.168.0.1
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: SafeDNS Agent => 2
    HKLM\...\StartupApproved\Run: => "QlbCtrl.exe"
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "SafeDNS Agent"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{155B760F-5E54-482B-8365-6665EC03CC2C}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
    FirewallRules: [TCP Query User{44B11955-F926-4A9B-AA9D-6B5A18DAAF61}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
    FirewallRules: [{90A20652-3E5F-405C-B8E5-AF6D9A4EC0E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{612CBEB6-20A2-448D-99E9-FCB1F2B34F23}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{AF4C1CD7-FED9-470D-B329-7F50331D7D0B}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [UDP Query User{77363016-8846-4DB7-AD51-2B727580DA68}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed]
    FirewallRules: [TCP Query User{45A74C76-06A8-4563-9550-548C167DE0D2}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed]
    FirewallRules: [UDP Query User{340FE0D8-F433-4684-8EEE-555FA3D5CC3D}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File
    FirewallRules: [TCP Query User{353B7826-2A8F-493D-A1F1-2AC837AF0B3C}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File
    FirewallRules: [UDP Query User{24C96F24-BD78-4B3B-8CC8-CCD439113A9E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{F80ACAFA-F1DD-447C-8EF2-F8CFE0A3F99F}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{06598060-8173-4526-85B1-326A8EADE9B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    01-08-2019 13:54:17 Windows Update
    03-08-2019 18:20:34 Driver Booster : Microsoft ACPI-Compliant Control Method Battery

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/04/2019 07:41:57 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (7388,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (08/04/2019 07:26:56 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (3124,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (08/04/2019 07:19:50 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/04/2019 07:00:18 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (8184,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (08/04/2019 06:53:27 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (7556,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


    System errors:
    =============
    Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Услуга SynTPEnh Caller Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

    Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Услуга Andrea ADI Filters Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

    Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Услуга Message Queuing беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

    Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

    Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Услуга HPWMISVC беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

    Error: (08/04/2019 07:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Услуга Agere Modem Call Progress Audio беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2019-08-04 16:39:23.995
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
    Name: Trojan:Win32/Wacatac.B!ml
    ID: 2147735505
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/18e663c4b0|pid:4648,ProcessStart:132093995403375033
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:35:34.363
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/78834792cf|pid:2452,ProcessStart:132093992524073237
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:35:16.939
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/459d5f08a7|pid:2452,ProcessStart:132093992524073237
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:34:50.615
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/3e4192f681|pid:2452,ProcessStart:132093992524073237
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:31:18.836
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/d814e79dee|pid:7088,ProcessStart:132093990433000700
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 15:19:12.432
    Description: 
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.299.1222.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16200.1
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 

    Date: 2019-08-04 15:09:07.516
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2019-08-04 12:37:18.611
    Description: 
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.299.1222.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16200.1
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 

    Date: 2019-08-04 12:27:12.471
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2019-08-04 11:52:30.958
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    ==================== Memory info =========================== 

    BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011
    Motherboard: Hewlett-Packard 30DB
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
    Percentage of memory in use: 62%
    Total physical RAM: 3000.26 MB
    Available physical RAM: 1115.69 MB
    Total Virtual: 5542.26 MB
    Available Virtual: 3518.26 MB

    ==================== Drives ================================

    Drive 😄 () (Fixed) (Total:365.12 GB) (Free:312.39 GB) NTFS
    Drive d: () (Fixed) (Total:100.1 GB) (Free:85.36 GB) NTFS

    \\?\Volume{35691345-1108-11e9-812b-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{35691348-1108-11e9-812b-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================

    Определено всичко вече е наред и Chrome зарежда по-бързо

  12. # Malwarebytes AdwCleaner 7.1.1.0
    # -------------------------------
    # Build:    04-24-2018
    # Database: 
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    08-04-2019
    # Duration: 00:00:04
    # OS:       Windows 10 Pro
    # Cleaned:  18
    # Failed:   0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted       C:\Program Files\Common Files\IObit\Advanced SystemCare
    Deleted       C:\Users\Beco\AppData\LocalLow\IObit\Advanced SystemCare
    Deleted       C:\Users\Beco\AppData\Roaming\IObit\Advanced SystemCare
    Deleted       C:\ProgramData\IOBIT\Driver Booster
    Deleted       C:\Program Files\IOBIT\Driver Booster
    Deleted       C:\Users\Beco\AppData\Roaming\IOBIT\Driver Booster
    Deleted       C:\Users\Beco\AppData\Roaming\DRPSu
    Deleted       C:\ProgramData\Tencent
    Deleted       C:\Users\Beco\AppData\Local\Tencent
    Deleted       C:\Users\Beco\AppData\Roaming\Tencent

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted       HKLM\Software\IObit\RealTimeProtector
    Deleted       HKLM\Software\IObit\Advanced SystemCare
    Deleted       HKLM\Software\IOBIT\ASC
    Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted       HKLM\Software\IObit\Driver Booster
    Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B0A739B5-4232-4958-9C1D-486DC1047518}
    Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{08CAA098-8E08-4DD6-AB80-2885F8050FD9}
    Deleted       HKLM\Software\Classes\METNSD

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************


    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     

  13. Системата се държи по добре , ето и резултата от сканирането:

    SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
    WebSite: www.safezone.cc
    DateLog: 04.08.2019 18:54:10
    Path starting: C:\Users\Beco\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Beco
    VersionXML: 6.67is-31.07.2019
    ___________________________________________________________________________

    Windows 10(6.3.18362) (x86) Professional Release: 1903 Lang: English(0409)
    Installation date OS: 01.08.2019 05:59:11
    LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    SystemDrive: 😄 FS: [NTFS] Capacity: [365.1 Gb] Used: [52.6 Gb] Free: [312.5 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.239.18362.0
    User Account Control enabled (Level 3)
    Never check for updates
    Security Center (wscsvc) - The service is running
    Remote Registry (RemoteRegistry) - The service has stopped
    SSDP Discovery (SSDPSRV) - The service is running
    Remote Desktop Services (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Windows Defender (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Защитна стена на Windows Defender (mpssvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Windows Defender (enabled and up to date)
    --------------------------- [ OtherUtilities ] ----------------------------
    Microsoft .NET Framework 4.7.2 v.4.7.03062
    -------------------------------- [ Arch ] ---------------------------------
    WinRAR 5.70 (32-bit) v.5.70.0 Warning! Download Update
    --------------------------------- [ IM ] ----------------------------------
    Skype, версия 8.45 v.8.45 Warning! Download Update
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 32 NPAPI v.32.0.0.223
    Adobe Flash Player 32 PPAPI v.32.0.0.223
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.76.0.3809.87
    K-Meleon 75.0 (x86 en-US) v.75.0
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    Malwarebytes Service (MBAMService) - The service has stopped
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe v.4.18.1907.4
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe v.4.18.1907.4
    Услуга Windows Defender Antivirus (WinDefend) - The service is running
    Услуга за мрежова проверка на Windows Defender Antivirus (WdNisSvc) - The service is running
    Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - The service has stopped
    ---------------------------- [ UnwantedApps ] -----------------------------
    IObit Uninstaller 8 v.8.4.0.11 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    Unity Web Player v.5.3.8f2 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    IObit Uninstaller Service (IObitUnSvr) - The service has stopped
    ----------------------------- [ End of Log ] ------------------------------
     

  14. Днес писах с колегата ви  B-boy/StyLe/     защото не можех да изтегля Farbar , браузърите го блокираха като вирус и накрая реших да правя опити сам за което знам че не е редно

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-08-2019
    Ran by Beco (administrator) on BECO-PC (Hewlett-Packard HP EliteBook 6930p) (04-08-2019 18:28:47)
    Running from C:\Users\Beco\Downloads
    Loaded Profiles: Beco (Available Profiles: Beco)
    Platform: Microsoft Windows 10 Pro Version 1903 18362.267 (X86) Language: Английски (Съединени щати)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPMSGSVC.exe
    (Hewlett-Packard Company -> HP Inc.) C:\Program Files\HP\HP System Event\HPWMISVC.exe
    (HP Inc. -> HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (IObit Information Technology -> IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
    (LSI Corporation -> LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [349240 2010-01-11] (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HPMessageService] => C:\Program Files\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-26] (Hewlett-Packard Company -> HP Inc.)
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\76.0.3809.87\Installer\chrmstp.exe [2019-08-01] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {007EB50E-306C-4243-A051-E9CD96BD6478} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {02368336-6FC1-4641-AC1C-AF3E2FBAFA41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [243576 2019-07-23] (HP Inc. -> HP Inc.)
    Task: {09CD826E-432A-424E-9075-D474750087E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.)
    Task: {0AC7D9DD-906E-4B7B-847E-273A28E54C7F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0CD5E731-3C97-48A0-89D3-4BE6DE9D3197} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-12] (HP Inc. -> HP Inc.)
    Task: {10F238F1-61B3-4FF4-B5F0-8DDC8322392A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {1B3EB7B5-BC28-4B91-AE3A-F9EED593562F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [137592 2019-06-12] (HP Inc. -> HP Inc.)
    Task: {1ECBFDA8-5C75-484C-9609-D69F88A27FC2} - System32\Tasks\{C5F4DFD8-894D-40BF-9817-EDD70197CF73} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\LeagueOfAngels3-gtarcade-5c84c94d5b7d1.exe -d C:\Users\Beco\Downloads
    Task: {2237D89C-8BA2-4D66-8621-5F8040BA7EE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.)
    Task: {23C30DE0-3363-4410-9EB8-2B31B3D0ECEE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {25AB2260-9353-403C-90EC-CC7BD098D295} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {2671536C-6AFE-4BA9-B77B-1D42B06C7FB1} - System32\Tasks\Uninstaller_SkipUac_Beco => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [5293328 2019-03-19] (IObit Information Technology -> IObit)
    Task: {2BDBC731-7714-481B-B2BC-27EC77EACFFB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
    Task: {36942695-8A2A-42ED-A030-4B8E54984C38} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
    Task: {36FF84BD-F80B-4AC0-A3CD-CEA552F511CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {3B8B0FF6-5976-4CD4-868A-6EFD55AC20EE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3CC255DE-9A77-4339-B257-97BEED1F30CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3D8A7ED4-7E07-4834-9592-460518EE157F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {43CBF981-9207-415B-A43F-EA808D674483} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {5286E90C-81E4-4622-9F35-2E63C86A789E} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17307864 2019-07-31] (Goversoft LLC -> Goversoft LLC)
    Task: {5CCA8EB2-1044-43C2-83EF-14AFD88A23FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {6247CC29-3BAC-4EB6-AD0A-8D6CF73982B7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6927372A-A3E3-4697-84F8-4492DE198CAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {70D1EB0E-4134-4D8A-B28B-71D12D891637} - System32\Tasks\{55AAC5B5-BEF5-4E5F-BF9A-95DAFA22D058} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\SharewareOnSale_Giveaway_IObit_Uninstaller_8_PRO_hub.exe -d C:\Users\Beco\Downloads
    Task: {70D4EC4B-4DC4-4743-8A18-19650406D2DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {76A1CED5-E44E-41BC-88E4-53FFAC64AC3F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7DF081FE-AF3E-4B1F-A713-015169C165F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {7E391591-2447-4B71-8C46-9F851D3C62B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8573BFA5-38FD-40AC-9800-8EC04403FFEC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {863D0715-8EC5-4308-B25B-A1A49453A5E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
    Task: {9E9DB093-650D-4AC1-AE74-EFF09DAA28AF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {A00C8D46-8534-4496-96EE-C950CC0D41C6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {A37D69BB-3628-4340-9743-AC2FA5585724} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {B265CC37-CE62-4823-8496-5957A29C4EED} - System32\Tasks\HPCeeScheduleForBeco => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2019-05-17] (HP Inc. -> HP Inc.)
    Task: {B9FB55F4-5977-4236-9F75-7569B987B420} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {BB75632B-EC31-4185-A0E7-CE9618974674} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {BC00F4DF-2168-4200-B664-82D78875D451} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {BE834CB4-A940-4395-A30D-42B461E75614} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C118C4DD-2CC4-42CB-BA9E-FA5E7EE07C24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C8C95506-2926-45B9-B2BC-6D645180D789} - System32\Tasks\{B4FF3079-1C8A-4E12-8782-220F860F7F4E} => C:\Windows\system32\pcalua.exe -a C:\Users\Beco\Downloads\EraOfCelestials-gtarcade-5c839784bff81.exe -d C:\Users\Beco\Downloads
    Task: {CB047417-746E-40BA-902A-815AC8FA6C7D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D3D93664-7AD4-4496-BF89-348597AE5BC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D83BAE58-18BB-4010-9F0E-054149DAE465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156968 2019-02-24] (Google Inc -> Google Inc.)
    Task: {D988B398-1B45-483C-AA40-86B6646D65A8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)
    Task: {DB531726-7852-4C5C-8C8E-7E643191E42A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E0E8C45C-FE64-4087-8E0C-2193CDC81717} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E7356B7D-5DD6-4890-B4AF-6B1E94A3EF8F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Beco\Downloads\esetonlinescanner_enu.exe [7969304 2019-08-04] (ESET, spol. s r.o. -> ESET spol. s r.o.)
    Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
    Task: {EC15E52E-DA43-4DCC-A275-1158D0C511BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [396608 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F153981F-F55F-4D98-B828-A6E1A197FAF3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FF8FD040-EFED-4F3F-B025-E7200A94FA01} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{338C8A04-E5A4-41C0-A592-06F731151E59}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{50FBF5F3-CB8C-4AC9-A764-9C2251E7FE43}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c92b2e9a-dca7-4503-a7ab-bc7c831445cd}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{f048b2a6-1866-46e6-b7f4-e6a65c07e85b}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)

    Edge: 
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-2920239448-2505446405-2311763162-1001 -> hxxp://google.bg/

    FireFox:
    ========
    FF DefaultProfile: oytl87x0.default
    FF ProfilePath: C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default [2019-07-16]
    FF user.js: detected! => C:\Users\Beco\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
    FF Homepage: K-Meleon\oytl87x0.default -> google.bg
    FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
    FF Plugin HKU\S-1-5-21-2920239448-2505446405-2311763162-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Beco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://google.bg/
    CHR StartupUrls: Default -> "hxxps://www.google.bg/"
    CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default [2019-08-04]
    CHR Extension: (Презентации) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24]
    CHR Extension: (Документи) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24]
    CHR Extension: (Google Диск) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-05]
    CHR Extension: (YouTube) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-05]
    CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-02]
    CHR Extension: (Таблици) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24]
    CHR Extension: (Google Документи офлайн) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-24]
    CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-07-29]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-24]
    CHR Extension: (Gmail) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01]
    CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-04]
    CHR Profile: C:\Users\Beco\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-04]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [90112 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation -> LSI Corporation)
    S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.)
    R2 HPWMISVC; C:\Program Files\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (Hewlett-Packard Company -> HP Inc.)
    S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3735832 2019-08-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [304680 2018-05-22] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [1879960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [82984 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [37696 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 ADIHdAudAddService; C:\WINDOWS\system32\drivers\ADIHdAud.sys [381440 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
    R3 AgereSoftModem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [1163328 2010-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
    S3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [199608 2019-02-20] (BayHub Technology Inc. -> BayHubTech/O2Micro )
    R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [47504 2019-08-03] (IVT CORPORATION -> IVT Corporation.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-05-31] (Malwarebytes Corporation -> Malwarebytes)
    R3 HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [15544 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [27968 2019-01-06] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [15872 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
    R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2019-01-06] (Martin Malik - REALiX -> REALiX(tm))
    R3 IUProcessFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win10_x86\IUProcessFilter.sys [35136 2018-10-16] (IObit Information Technology -> IObit)
    R3 IURegistryFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win10_x86\IURegistryFilter.sys [41336 2018-10-16] (IObit Information Technology -> IObit)
    S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [106144 2019-01-11] (Malwarebytes Corporation -> Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\System32\DRIVERS\mbam.sys [63760 2019-01-11] (Malwarebytes Corporation -> Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\System32\DRIVERS\mwac.sys [83648 2019-01-12] (Malwarebytes Corporation -> Malwarebytes)
    R1 MEmuDrv; C:\WINDOWS\System32\DRIVERS\MEmuDrv.sys [257512 2019-03-14] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
    R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [18448 2019-08-03] (Microsoft Windows Hardware Compatibility Publisher -> NEC Personal Computers, Ltd.)
    S3 NETw5s32; C:\WINDOWS\System32\DRIVERS\NETw5s32.sys [6755840 2010-01-13] (Intel Corporation) [File not signed]
    R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7530736 2019-01-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
    R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmptsk.sys [48128 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
    R3 rismc32; C:\WINDOWS\system32\DRIVERS\rismc32.sys [49152 2019-01-06] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2019-08-04] (Adlice -> )
    S3 vjoy; C:\WINDOWS\System32\DRIVERS\vjoy.sys [50224 2016-02-03] (Shaul Eizikovich -> Shaul Eizikovich)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38280 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [269024 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [39136 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-04 18:21 - 2019-08-04 18:21 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2019-08-04 18:16 - 2019-08-04 18:19 - 000007694 _____ C:\Users\Beco\Downloads\Fixlog.txt
    2019-08-04 17:49 - 2019-08-04 17:49 - 000029543 _____ C:\Users\Beco\Downloads\Addition_04-08-2019 17.09.48.txt
    2019-08-04 17:07 - 2019-08-04 17:09 - 000029543 _____ C:\Users\Beco\Downloads\Addition.txt
    2019-08-04 17:04 - 2019-08-04 18:30 - 000024833 _____ C:\Users\Beco\Downloads\FRST.txt
    2019-08-04 17:02 - 2019-08-04 18:28 - 000000000 ____D C:\FRST
    2019-08-04 17:01 - 2019-08-04 17:01 - 001447936 _____ (Farbar) C:\Users\Beco\Downloads\FRST.exe
    2019-08-04 16:54 - 2019-08-04 16:54 - 000000299 _____ C:\Users\Beco\Documents\zemana.txt
    2019-08-04 16:51 - 2019-08-04 18:11 - 001496275 _____ C:\WINDOWS\ZAM.krnl.trace
    2019-08-04 16:51 - 2019-08-04 16:51 - 000000000 ____D C:\Users\Beco\AppData\Local\Zemana
    2019-08-04 16:50 - 2019-08-04 18:11 - 000000000 ____D C:\Users\Beco\AppData\Local\AMSDK
    2019-08-04 16:50 - 2019-08-04 16:50 - 012664512 _____ (Zemana Ltd. ) C:\Users\Beco\Downloads\AntiMalware_Setup.exe
    2019-08-04 16:45 - 2019-08-04 16:45 - 000000078 _____ C:\Users\Beco\Downloads\137bdc50b1.json
    2019-08-04 15:45 - 2019-08-04 15:45 - 000008066 _____ C:\Users\Beco\Documents\Rogue killer.txt
    2019-08-04 15:19 - 2019-08-04 15:19 - 000024688 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-08-04 15:17 - 2019-08-04 15:17 - 030667800 _____ (Adlice Software ) C:\Users\Beco\Downloads\RogueKiller_setup.exe
    2019-08-04 15:09 - 2019-08-04 15:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2019-08-04 13:11 - 2019-08-04 13:12 - 000001894 _____ C:\Users\Beco\Desktop\Rkill.txt
    2019-08-04 13:10 - 2019-08-04 13:10 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Beco\Downloads\rkill-unsigned.exe
    2019-08-04 12:29 - 2019-08-04 14:00 - 000000681 _____ C:\Users\Beco\Desktop\ESET Online Scanner.lnk
    2019-08-04 12:29 - 2019-08-04 12:29 - 000000780 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
    2019-08-04 12:29 - 2019-08-04 12:29 - 000000000 ____D C:\Users\Beco\AppData\Local\ESET
    2019-08-04 12:28 - 2019-08-04 12:29 - 007969304 _____ (ESET spol. s r.o.) C:\Users\Beco\Downloads\esetonlinescanner_enu.exe
    2019-08-04 11:17 - 2019-08-04 15:19 - 001146190 _____ C:\WINDOWS\ntbtlog.txt
    2019-08-04 09:57 - 2019-08-04 09:57 - 000002856 _____ C:\Users\Beco\Unigine_Heaven_Benchmark_4.0_20190804_0957.html
    2019-08-04 09:49 - 2019-08-04 09:59 - 000000000 ____D C:\Users\Beco\Heaven
    2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ C:\Users\Beco\AppData\Local\file__0.localstorage
    2019-08-04 09:25 - 2019-08-04 10:14 - 000002217 _____ C:\Users\Beco\Desktop\Plarium Play.lnk
    2019-08-04 09:13 - 2019-08-04 09:13 - 001159992 _____ (Plarium) C:\Users\Beco\Downloads\PlariumPlaySetup (1).exe
    2019-08-03 18:21 - 2019-08-03 18:21 - 000047504 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\btcusb.sys
    2019-08-03 18:21 - 2019-08-03 18:21 - 000018448 _____ (NEC Personal Computers, Ltd.) C:\WINDOWS\system32\Drivers\necbatt.sys
    2019-08-01 13:55 - 2019-05-31 06:13 - 000835688 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe
    2019-08-01 13:55 - 2019-05-31 06:13 - 000179816 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2019-08-01 09:04 - 2019-08-01 09:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2019-08-01 08:59 - 2019-08-01 08:59 - 000000020 ___SH C:\Users\Beco\ntuser.ini
    2019-08-01 08:57 - 2019-08-04 18:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagwrn.xml
    2019-08-01 08:57 - 2019-08-01 08:57 - 000007623 _____ C:\WINDOWS\diagerr.xml
    2019-08-01 08:53 - 2019-08-04 18:27 - 000912284 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-08-01 08:40 - 2019-08-01 08:40 - 000000000 ____D C:\ProgramData\USOShared
    2019-08-01 08:36 - 2019-08-04 14:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-08-01 08:36 - 2019-08-01 09:37 - 000264440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-08-01 08:03 - 2019-08-01 19:35 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2019-08-01 08:03 - 2019-08-01 08:03 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
    2019-08-01 08:02 - 2019-08-04 11:32 - 000000000 ____D C:\Users\Beco
    2019-08-01 08:02 - 2019-03-19 05:41 - 000001105 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-08-01 08:01 - 2019-08-01 08:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2019-08-01 07:50 - 2019-08-01 07:50 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001652536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001106288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2019-08-01 07:50 - 2019-08-01 07:50 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2019-08-01 07:50 - 2019-08-01 07:50 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2019-08-01 07:50 - 2019-08-01 07:50 - 000650552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2019-08-01 07:50 - 2019-08-01 07:50 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000418816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000075480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
    2019-08-01 07:50 - 2019-08-01 07:50 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
    2019-08-01 07:50 - 2019-08-01 07:50 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
    2019-08-01 07:50 - 2019-08-01 07:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 006515592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 005753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 002863104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2019-08-01 07:49 - 2019-08-01 07:49 - 002398720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 002040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001783808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001612600 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001505080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001501496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001297720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001251640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001219072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001102648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000995800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000916280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000826680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000769336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000733136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000625464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000566072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000522552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000478520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000446224 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspbde40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000363832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000319376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000279864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000258056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000249656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msltus40.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000213776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2019-08-01 07:49 - 2019-08-01 07:49 - 000183096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Gpu.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000152888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000111416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000091960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000086528 _____ C:\WINDOWS\system32\ResBParser.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000058825 _____ C:\WINDOWS\system32\srms.dat
    2019-08-01 07:49 - 2019-08-01 07:49 - 000054792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000021816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
    2019-08-01 07:49 - 2019-08-01 07:49 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll
    2019-08-01 07:49 - 2019-08-01 07:49 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
    2019-08-01 07:49 - 2019-08-01 07:49 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 007067448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 003120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002991104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002777600 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002712072 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 002586608 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 002245432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 002204472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 002074224 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001611416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001468728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001392968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-08-01 07:48 - 2019-08-01 07:48 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001111992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-08-01 07:48 - 2019-08-01 07:48 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000980792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000811160 _____ C:\WINDOWS\system32\locale.nls
    2019-08-01 07:48 - 2019-08-01 07:48 - 000772656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000700912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000699304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000636696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000602640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000588256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000588088 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000554720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000553144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000540680 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000500992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000478800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000441584 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000440256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000398648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000395064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000389432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000385808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000374800 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000361784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000331064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2019-08-01 07:48 - 2019-08-01 07:48 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000309048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000301880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000277520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000265744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000206136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000199176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000161592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000142856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000136504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000135000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000134760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000108048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000098592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000066872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000061448 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds_ps.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000039224 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000033592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL
    2019-08-01 07:48 - 2019-08-01 07:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
    2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKOR.DLL
    2019-08-01 07:48 - 2019-08-01 07:48 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
    2019-08-01 07:48 - 2019-08-01 07:48 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
    2019-08-01 07:48 - 2019-08-01 07:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 006070920 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 004679168 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 003042816 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001893888 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001537624 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001334064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001123840 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000800048 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000777528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000773680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2019-08-01 07:47 - 2019-08-01 07:47 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2019-08-01 07:47 - 2019-08-01 07:47 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000602224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000531464 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\webauthn.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2019-08-01 07:47 - 2019-08-01 07:47 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000283472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000187920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000149512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000149304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000091664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000090128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
    2019-08-01 07:47 - 2019-08-01 07:47 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\coloradapterclient.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2019-08-01 07:47 - 2019-08-01 07:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000028672 _____ C:\WINDOWS\system32\usocoreps.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
    2019-08-01 07:47 - 2019-08-01 07:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 014814208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 005087744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 004867400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 004572016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 003915536 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 003735264 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002763576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 002600960 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002373120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002200576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 002066944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001912576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001881400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001531992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001452032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001432064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001331976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001154960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001097528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001086464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 001063944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000889888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000690488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000564240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000550200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000506232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000425488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2019-08-01 07:46 - 2019-08-01 07:46 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2019-08-01 07:46 - 2019-08-01 07:46 - 000414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000400232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000375512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000336928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000321848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000284176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000268216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000245544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000235536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000222008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000191288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000166712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000159544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000158736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000156472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000140304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000134424 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000103224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000096208 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000095184 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2019-08-01 07:46 - 2019-08-01 07:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000047928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000045384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000042792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
    2019-08-01 07:46 - 2019-08-01 07:46 - 000023736 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000016696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
    2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
    2019-08-01 07:46 - 2019-08-01 07:46 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
    2019-08-01 07:46 - 2019-08-01 07:46 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
    2019-08-01 07:45 - 2019-08-01 07:45 - 000603448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000244712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
    2019-08-01 07:45 - 2019-08-01 07:45 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys
    2019-08-01 07:29 - 2019-08-01 07:29 - 000000000 ____D C:\WINDOWS\system32\bg
    2019-08-01 07:23 - 2019-08-01 07:23 - 004164608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0002.dll
    2019-08-01 07:23 - 2019-08-01 07:23 - 001875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll
    2019-08-01 07:23 - 2019-08-01 07:23 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0002.dll
    2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\msmq
    2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\WINDOWS\system32\BestPractices
    2019-08-01 07:23 - 2019-08-01 07:23 - 000000000 ____D C:\inetpub
    2019-08-01 07:22 - 2019-08-01 07:22 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2019-08-01 07:22 - 2019-08-01 07:22 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2019-08-01 07:22 - 2019-08-01 07:22 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\Reference Assemblies
    2019-08-01 07:22 - 2019-08-01 07:22 - 000000000 ____D C:\Program Files\MSBuild
    2019-08-01 07:20 - 2019-08-01 07:20 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
    2019-08-01 07:20 - 2019-08-01 07:20 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
    2019-08-01 07:20 - 2019-08-01 07:20 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
    2019-08-01 07:15 - 2019-08-01 07:15 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
    2019-08-01 07:08 - 2019-08-01 07:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2019-08-01 04:44 - 2019-08-01 08:59 - 000000000 ___DC C:\WINDOWS\Panther
    2019-07-31 19:53 - 2019-07-31 19:53 - 025776848 _____ (Goversoft LLC) C:\Users\Beco\Downloads\PrivaZer_free (2).exe
    2019-07-31 15:21 - 2019-07-31 15:23 - 000000000 ____D C:\Users\Beco\Documents\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c
    2019-07-31 10:46 - 2019-07-31 10:46 - 000000000 ____D C:\ProgramData\Thunder Network
    2019-07-31 10:45 - 2019-08-01 10:06 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
    2019-07-31 10:45 - 2019-07-31 10:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Xiaomi
    2019-07-31 10:42 - 2019-08-04 11:02 - 000000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBeco.job
    2019-07-31 10:18 - 2019-07-31 10:34 - 1390856692 _____ C:\Users\Beco\Downloads\hermes_global_images_V9.6.3.0.LHMMIFD_20180801.0000.00_5.0_global_0dc0ffff2c.tgz
    2019-07-29 11:31 - 2019-07-29 11:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2019-07-28 09:45 - 2019-07-28 09:45 - 000000000 ____D C:\Users\Beco\AppData\Roaming\AndroidTbox
    2019-07-28 09:36 - 2019-07-28 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
    2019-07-28 09:36 - 2019-07-28 09:43 - 000000000 ____D C:\ProgramData\Tencent
    2019-07-28 09:36 - 2019-07-28 09:36 - 000000000 ____D C:\Users\Beco\AppData\Local\Tencent
    2019-07-28 09:35 - 2019-07-28 10:25 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Tencent
    2019-07-28 09:35 - 2019-07-28 09:35 - 000000000 ____D C:\Temp
    2019-07-21 16:47 - 2019-07-21 16:47 - 004196408 _____ C:\Users\Beco\Downloads\2019-07-10_16-29-20.861.bmp
    2019-07-18 17:34 - 2019-07-31 19:53 - 000000000 ____D C:\Program Files\PrivaZer
    2019-07-11 13:08 - 2019-07-11 13:22 - 000000775 _____ C:\Users\Beco\Documents\new tournament.txt
    2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.QtWebEngineProcess
    2019-07-11 12:23 - 2019-07-11 12:23 - 000000000 ____D C:\Users\Beco\.LINE
    2019-07-07 11:09 - 2019-07-07 11:09 - 000000000 ____D C:\Users\Beco\AppData\Local\HP_Inc
    2019-07-07 11:05 - 2019-08-01 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2019-07-07 11:05 - 2019-07-07 11:05 - 000002262 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
    2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Hewlett-Packard
    2019-07-07 11:05 - 2019-07-07 11:05 - 000000000 ____D C:\Users\Beco\AppData\Local\Hewlett-Packard
    2019-07-07 10:44 - 2019-07-07 10:45 - 039926088 _____ (Hewlett Packard ) C:\Users\Beco\Downloads\sp54177.exe
    2019-07-07 10:37 - 2019-07-07 11:04 - 000000000 ____D C:\ProgramData\Hewlett-Packard
    2019-07-07 10:37 - 2019-07-07 10:37 - 000000000 ____D C:\Users\Beco\AppData\Local\HP
    2019-07-07 10:36 - 2019-07-07 10:36 - 003510048 _____ (Oleg N. Scherbakov) C:\Users\Beco\Downloads\HPSupportSolutionsFramework-12.11.24.11.exe

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-04 18:27 - 2019-03-19 05:44 - 000000000 ____D C:\WINDOWS\INF
    2019-08-04 18:26 - 2019-01-06 07:56 - 000000000 ____D C:\ProgramData\ProductData
    2019-08-04 18:21 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-08-04 18:20 - 2019-03-19 05:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2019-08-04 18:17 - 2009-07-14 05:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2019-08-04 18:14 - 2019-01-06 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-08-04 18:09 - 2019-01-06 07:52 - 000000000 ____D C:\Users\Beco\AppData\Roaming\IObit
    2019-08-04 16:43 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\System
    2019-08-04 16:43 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-08-04 10:14 - 2019-04-13 12:35 - 000002131 _____ C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Plarium Play.lnk
    2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Plarium
    2019-08-04 10:14 - 2019-01-06 00:54 - 000000000 ____D C:\Users\Beco\AppData\Local\Package Cache
    2019-08-04 09:30 - 2019-01-06 10:16 - 000000000 ____D C:\Users\Beco\AppData\LocalLow\Unity
    2019-08-04 07:29 - 2019-03-19 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-08-03 23:50 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-08-02 04:34 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\appcompat
    2019-08-01 19:35 - 2019-06-19 04:27 - 000000000 ____D C:\Program Files\UNP
    2019-08-01 19:35 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
    2019-08-01 19:35 - 2019-04-03 05:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX H.264 decoder
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\spool
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\IME
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ServiceState
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\schemas
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\Registration
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-08-01 19:35 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2019-08-01 19:35 - 2019-03-19 05:43 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2019-08-01 19:35 - 2019-03-17 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2019-08-01 19:35 - 2019-02-24 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2019-08-01 19:35 - 2019-01-06 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2019-08-01 19:35 - 2019-01-06 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8K Player
    2019-08-01 19:35 - 2019-01-06 07:51 - 000000000 ____D C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
    2019-08-01 19:35 - 2019-01-05 21:52 - 000000000 ____D C:\Program Files\Intel
    2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2019-08-01 19:35 - 2018-09-15 08:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2019-08-01 15:17 - 2019-04-19 19:53 - 000000000 ____D C:\Users\Beco\AppData\Local\Packages
    2019-08-01 10:28 - 2019-02-24 13:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-08-01 10:28 - 2019-02-24 13:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-08-01 09:18 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-08-01 09:00 - 2019-04-19 19:54 - 000000000 ___RD C:\Users\Beco\3D Objects
    2019-08-01 08:59 - 2019-03-19 05:46 - 000000000 ____D C:\ProgramData\USOPrivate
    2019-08-01 08:58 - 2019-03-19 05:35 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-08-01 08:57 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Windows Defender
    2019-08-01 08:40 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
    2019-08-01 08:40 - 2019-01-05 22:05 - 000000000 ____D C:\Program Files\LSI SoftModem
    2019-08-01 08:39 - 2019-01-05 22:00 - 000000000 ____D C:\WINDOWS\QLB
    2019-08-01 08:32 - 2019-03-19 05:49 - 000000000 ____D C:\WINDOWS\Setup
    2019-08-01 08:16 - 2019-03-19 05:46 - 000000000 __RHD C:\Users\Public\Libraries
    2019-08-01 08:03 - 2019-04-13 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2019-08-01 08:03 - 2019-01-12 14:52 - 000000000 ____D C:\Program Files\Synaptics
    2019-08-01 08:03 - 2019-01-06 07:59 - 000000000 ____D C:\Program Files\AuthenTec
    2019-08-01 08:03 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Microsoft Games
    2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ___SD C:\WINDOWS\system32\AppV
    2019-08-01 07:57 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\TextInput
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\SystemResources
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\ShellComponents
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2019-08-01 07:57 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-08-01 07:29 - 2019-03-19 06:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2019-08-01 07:29 - 2019-03-19 06:38 - 000000000 ____D C:\WINDOWS\system32\WCN
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\IME
    2019-08-01 07:29 - 2019-03-19 05:46 - 000000000 ____D C:\Program Files\Common Files\System
    2019-08-01 07:29 - 2019-03-19 05:35 - 000000000 ____D C:\WINDOWS\servicing
    2019-08-01 07:23 - 2019-03-19 06:39 - 000000000 ____D C:\WINDOWS\OCR
    2019-08-01 07:23 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2019-08-01 07:20 - 2019-03-19 05:46 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2019-08-01 04:23 - 2019-01-05 20:39 - 000000000 ____D C:\Users\Beco\AppData\Local\ElevatedDiagnostics
    2019-07-31 20:16 - 2019-06-02 18:07 - 000000000 ____D C:\Users\Beco\AppData\Local\PrivaZer
    2019-07-31 20:01 - 2019-04-18 03:25 - 000000000 ____D C:\Users\Beco\AppData\Local\CrashDumps
    2019-07-31 19:53 - 2019-06-02 18:07 - 000001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
    2019-07-31 19:53 - 2019-06-02 18:07 - 000001904 _____ C:\Users\Public\Desktop\PrivaZer.lnk
    2019-07-26 16:30 - 2019-04-19 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-07-11 12:23 - 2019-01-05 19:50 - 000000000 ____D C:\Users\Beco\AppData\Local\VirtualStore
    2019-07-11 12:21 - 2019-04-19 20:32 - 000000000 ____D C:\ProgramData\Packages
    2019-07-11 12:21 - 2019-04-19 20:02 - 000000000 ____D C:\Users\Beco\AppData\Local\PlaceholderTileLogoFolder
    2019-07-11 05:03 - 2019-04-19 21:24 - 000000000 ___RD C:\Users\Beco\OneDrive
    2019-07-10 19:32 - 2019-01-05 21:56 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-07-10 19:26 - 2019-01-05 21:56 - 133475400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-07-10 12:28 - 2019-01-05 20:17 - 000606264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2019-07-07 11:05 - 2019-01-05 22:00 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
    2019-07-07 11:04 - 2019-05-04 17:11 - 000000000 ____D C:\Program Files\HP
    2019-07-07 11:04 - 2019-04-19 19:43 - 000000000 ____D C:\Users\Beco\AppData\Roaming\hpqLog
    2019-07-07 11:04 - 2019-01-05 22:00 - 000000000 ____D C:\Program Files\Hewlett-Packard
    2019-07-07 10:45 - 2019-05-04 17:09 - 000000000 ____D C:\SWSetup

    ==================== Files in the root of some directories ================

    2019-08-04 09:48 - 2019-08-04 09:48 - 001065984 _____ () C:\Users\Beco\AppData\Local\file__0.localstorage
    2019-08-04 09:14 - 2019-08-04 10:14 - 000061590 _____ () C:\Users\Beco\AppData\Local\PlariumPlay.log
    2019-01-05 22:44 - 2019-01-05 22:44 - 000000000 _____ () C:\Users\Beco\AppData\Local\QSwitch.txt
    2019-01-26 19:23 - 2019-01-26 19:23 - 000007605 _____ () C:\Users\Beco\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-08-2019
    Ran by Beco (04-08-2019 18:31:23)
    Running from C:\Users\Beco\Downloads
    Microsoft Windows 10 Pro Version 1903 18362.267 (X86) (2019-08-01 05:59:11)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2920239448-2505446405-2311763162-500 - Administrator - Disabled)
    Beco (S-1-5-21-2920239448-2505446405-2311763162-1001 - Administrator - Enabled) => C:\Users\Beco
    DefaultAccount (S-1-5-21-2920239448-2505446405-2311763162-503 - Limited - Disabled)
    Guest (S-1-5-21-2920239448-2505446405-2311763162-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2920239448-2505446405-2311763162-1002 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-2920239448-2505446405-2311763162-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    8K Player version 4.4.0 (HKLM\...\842F0D80-2EC4-4903-9798-714D9927DCA1_is1) (Version: 4.4.0 - DimoSoft, Inc.)
    Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
    Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
    DivX H.264 decoder 8.2.0.26 (HKLM\...\divxh264_is1) (Version: 8.2.0.26 - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 76.0.3809.87 - Google LLC)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM\...\{A2926515-9BCE-4785-AFAD-98233D52C3AE}) (Version: 12.11.27.1 - HP Inc.)
    HP System Event Utility (HKLM\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
    IObit Uninstaller 8 (HKLM\...\IObitUninstall) (Version: 8.4.0.11 - IObit)
    K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Plarium Play (HKLM\...\{12D4088C-8ED7-4218-B9FF-10E8FA3D7B57}) (Version: 3.1.0.0 - Plarium) Hidden
    Plarium Play (HKLM\...\{FBD9CDDD-13B0-406B-BDFA-79703D34C153}) (Version: 3.1.0 - Plarium) Hidden
    Plarium Play (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\{b06aff34-801f-46e9-9690-9d16b8f33092}) (Version: 3.1.0 - Plarium)
    PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.75.0 - Goversoft LLC)
    QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    Skype, версия 8.45 (HKLM\...\Skype_is1) (Version: 8.45 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
    Unity Web Player (HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
    WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

    Packages:
    =========
    LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_5.18.2.0_x86__8ptj331gd3tyt [2019-07-31] (LINE Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-19] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x86__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
    Torrex Lite - Torrent Downloader -> C:\Program Files\WindowsApps\BooStudioLLC.TorrexLite-TorrentDownloader_1.3.97.0_x86__b6e429xa66pga [2019-06-21] (Finebits OÜ) [MS Ad]
    Добавка за „Снимки“ -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x86__8wekyb3d8bbwe [2019-04-20] (Microsoft Corporation)
    Поща и календар -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x86__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2920239448-2505446405-2311763162-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Beco\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS)
    ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
    ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer\Деинсталирай Privazer.lnk -> C:\Program Files\PrivaZer\privazer_remover.exe (Goversoft LLC) <==== Cyrillic
    Shortcut: C:\Users\Beco\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic

    ==================== Loaded Modules (Whitelisted) ==============


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKCU\Environment\\Path -> ;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\Control Panel\Desktop\\Wallpaper -> c:\users\beco\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\diy.jpg
    DNS Servers: 192.168.0.1
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: SafeDNS Agent => 2
    HKLM\...\StartupApproved\Run: => "QlbCtrl.exe"
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2920239448-2505446405-2311763162-1001\...\StartupApproved\Run: => "SafeDNS Agent"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{155B760F-5E54-482B-8365-6665EC03CC2C}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
    FirewallRules: [TCP Query User{44B11955-F926-4A9B-AA9D-6B5A18DAAF61}C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\beco\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
    FirewallRules: [{08CAA098-8E08-4DD6-AB80-2885F8050FD9}] => (Allow) C:\Users\Beco\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
    FirewallRules: [{B0A739B5-4232-4958-9C1D-486DC1047518}] => (Allow) C:\Users\Beco\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
    FirewallRules: [{90A20652-3E5F-405C-B8E5-AF6D9A4EC0E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{612CBEB6-20A2-448D-99E9-FCB1F2B34F23}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{AF4C1CD7-FED9-470D-B329-7F50331D7D0B}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [UDP Query User{77363016-8846-4DB7-AD51-2B727580DA68}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed]
    FirewallRules: [TCP Query User{45A74C76-06A8-4563-9550-548C167DE0D2}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe () [File not signed]
    FirewallRules: [UDP Query User{340FE0D8-F433-4684-8EEE-555FA3D5CC3D}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File
    FirewallRules: [TCP Query User{353B7826-2A8F-493D-A1F1-2AC837AF0B3C}C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe] => (Allow) C:\users\beco\appdata\local\temp\rar$exa5360.11617\sdi_r1904.exe No File
    FirewallRules: [UDP Query User{24C96F24-BD78-4B3B-8CC8-CCD439113A9E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{F80ACAFA-F1DD-447C-8EF2-F8CFE0A3F99F}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{06598060-8173-4526-85B1-326A8EADE9B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    01-08-2019 13:54:17 Windows Update
    03-08-2019 18:20:34 Driver Booster : Microsoft ACPI-Compliant Control Method Battery

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/04/2019 06:26:50 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (2400,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (08/04/2019 06:20:06 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/04/2019 06:17:33 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
    .


    Operation:
       Executing Asynchronous Operation

    Context:
       Current State: DoSnapshotSet

    Error: (08/04/2019 06:16:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Грешка в услугата "Криптографски услуги" при обработка на обръщение на OnIdentity() към обекта System Writer.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (08/04/2019 06:16:49 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
       Gathering Writer Data

    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {73ac7222-9583-4e9c-aeca-ddf782586332}


    System errors:
    =============
    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (08/04/2019 06:20:01 PM) (Source: DCOM) (EventID: 10010) (User: BECO-PC)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (08/04/2019 06:17:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Услуга Windows Search беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

    Error: (08/04/2019 06:17:23 PM) (Source: WAS) (EventID: 5175) (User: )
    Description: The listener adapter serving the 'net.msmq' protocol disconnected unexpectedly.

    Error: (08/04/2019 06:17:23 PM) (Source: WAS) (EventID: 5175) (User: )
    Description: The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly.


    Windows Defender:
    ===================================
    Date: 2019-08-04 16:39:23.995
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
    Name: Trojan:Win32/Wacatac.B!ml
    ID: 2147735505
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/18e663c4b0|pid:4648,ProcessStart:132093995403375033
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:35:34.363
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/78834792cf|pid:2452,ProcessStart:132093992524073237
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:35:16.939
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/459d5f08a7|pid:2452,ProcessStart:132093992524073237
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:34:50.615
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/3e4192f681|pid:2452,ProcessStart:132093992524073237
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 16:31:18.836
    Description: 
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0
    Name: Trojan:Win32/Conteban.B!ml
    ID: 2147735507
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Beco\Downloads\ALABALA.exe; webfile:_C:\Users\Beco\Downloads\ALABALA.exe|https://dox.abv.bg/api/guest/download/d814e79dee|pid:7088,ProcessStart:132093990433000700
    Detection Origin: Internet
    Detection Type: FastPath
    Detection Source: Downloads and attachments
    Process Name: Unknown
    Security intelligence Version: AV: 1.299.1235.0, AS: 1.299.1235.0, NIS: 1.299.1235.0
    Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

    Date: 2019-08-04 15:19:12.432
    Description: 
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.299.1222.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16200.1
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 

    Date: 2019-08-04 15:09:07.516
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2019-08-04 12:37:18.611
    Description: 
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.299.1222.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.16200.1
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 

    Date: 2019-08-04 12:27:12.471
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2019-08-04 11:52:30.958
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode 
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    ==================== Memory info =========================== 

    BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011
    Motherboard: Hewlett-Packard 30DB
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
    Percentage of memory in use: 63%
    Total physical RAM: 3000.26 MB
    Available physical RAM: 1096.62 MB
    Total Virtual: 5542.26 MB
    Available Virtual: 3503.47 MB

    ==================== Drives ================================

    Drive 😄 () (Fixed) (Total:365.12 GB) (Free:312.59 GB) NTFS
    Drive d: () (Fixed) (Total:100.1 GB) (Free:85.36 GB) NTFS

    \\?\Volume{35691345-1108-11e9-812b-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{35691348-1108-11e9-812b-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================

    Не видях че сте писали погоре - потърсих съвет от него защото не можех да изтегля Farbar и да направя сканиране и да пусна тема , а не по тази тема

  15. Напоследък Chrome зарежда бавно имам чувството че сякаш системата е тромава , днес при опитите да изтегля Farbar страницата се зареждаше около 1:30 минути докато започне самото изтегляне и то неуспешно

    Addition_04-08-2019 17.09.48.txt FRST_04-08-2019 17.09.48.txt

  • Разглеждащи това в момента   0 потребители

    • Няма регистрирани потребители разглеждащи тази страница.
×
×
  • Добави ново...

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите Условия за ползване