Hi there.
My computer was infected by at least one malware (.gerosan extension). I immediately closed all open Chrome pages as they were created and also my wi-fi connection. I tried to scan with Windows Defender, but to no avail. Also not with TOTAL AV. I had to shut down. My laptop would only restart in safe mode with disc check but could not fix the errors. I had the option to restore to earlier versions, also that did not work. Only other option available to me at that stage was "Reset my PC" that did the trick, but from there on my machine is very slow. (Relatively ok to boot, but after logging in I have a black screen for about 5 mins. before the screen "wakes up".)
I installed Malwarebytes via USB, scanned, and got rid of: akafjuo, dakafjjuqz and rococo to name but 3. I also scanned with Hitman 3 to make sure there was nothing left.
After another reboot I scanned again with Malwarebytes and cleaned another 1 hit.
From there on the system seems to be clean, but is still sluggish. Windows Defender still does not start up, and the little "thinking" circle next to the mouse pointer keeps on flashing.
Therefore if you can please assist in analyzing my system to verify whether there are any remaining hidden threats, I would appreciate it greatly.
Regards
Ockert
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by Jana_Mostert (administrator) on DESKTOP-J7HTNHM (Dell Inc. Latitude E6400) (15-06-2019 18:07:47)
Running from C:\Users\Surgery\Desktop
Loaded Profiles: Jana_Mostert (Available Profiles: Jana_Mostert)
Platform: Windows 10 Pro Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\stacsv64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.80\Installer\chrmstp.exe [2019-06-12] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1B1DF012-CABC-4E11-87F8-45AE688A9648} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {4273051C-8B9F-4EC7-BA69-B48440F9C9D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BE49111-F682-4F4C-B496-A334F94FFBED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-12] (Google Inc -> Google LLC)
Task: {70908ABD-5746-4D49-8986-622971C9863C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF3B02EA-F668-4D41-90E4-B491690067D6} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {CC257C8F-A667-4A47-9FD6-756B0D8B9DE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {DA35F8D8-1FF5-4856-A51F-239F22C68AE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-12] (Google Inc -> Google LLC)
Task: {E33BD8C5-35D0-471D-A7FC-D4B0A089EA65} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [393728 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{087c3745-a810-41f9-b83b-5c7bae162fd4}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-09-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-06-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-12] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-12] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default [2019-06-15]
CHR Extension: (Slides) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-06-15]
CHR Extension: (YouTube) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-12]
CHR Extension: (Sheets) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-12]
CHR Extension: (Gmail) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Surgery\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-12]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R4 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-06-14] (SurfRight B.V. -> SurfRight B.V.)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HitmanPro38CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [95344 2013-11-20] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [21872 2013-11-20] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197464 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R4 klkbdflt2; C:\WINDOWS\system32\DRIVERS\klkbdflt2.sys [48320 2018-01-14] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
S0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_arkmon_C0AFDEE6A6307CA44878EDCF7153D5BE; C:\Users\Surgery\AppData\Local\Temp\{E982BA24-5913-4094-A80C-FE6EE4A09F8B}\C0AFDEE6A6307CA44878EDCF7153D5BE.sys [245272 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab) <==== ATTENTION
U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
U3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [302368 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116104 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198768 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-06-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)
R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmpx64.sys [52224 2006-11-17] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64832 2018-12-12] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [505856 2010-03-09] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-06-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [337632 2019-06-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-13] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-15 18:07 - 2019-06-15 18:13 - 000020154 _____ C:\Users\Surgery\Desktop\FRST.txt
2019-06-15 16:14 - 2019-06-15 18:07 - 000000000 ____D C:\FRST
2019-06-15 16:13 - 2019-06-15 16:10 - 002418688 _____ (Farbar) C:\Users\Surgery\Desktop\FRST64.exe
2019-06-15 16:10 - 2019-06-15 16:10 - 002418688 _____ (Farbar) C:\Users\Surgery\Downloads\FRST64.exe
2019-06-15 14:53 - 2019-06-15 14:54 - 000000780 __RSH C:\ProgramData\ntuser.pol
2019-06-15 14:41 - 2019-06-15 14:41 - 000302368 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-06-15 14:32 - 2019-06-15 14:32 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-06-15 14:32 - 2019-06-15 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-06-15 14:32 - 2019-06-15 14:32 - 000000000 ____D C:\Program Files\Common Files\AV
2019-06-15 14:31 - 2019-06-15 14:31 - 000245272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-06-15 14:31 - 2019-06-15 14:31 - 000198768 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-06-15 14:31 - 2019-06-15 14:31 - 000116104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-06-15 14:31 - 2019-06-15 14:31 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-06-15 14:29 - 2019-06-15 14:29 - 000002108 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2019-06-15 14:29 - 2019-06-15 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2019-06-15 14:28 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2019-06-15 14:27 - 2019-06-15 16:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-06-15 14:27 - 2019-06-15 14:31 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-06-15 14:26 - 2019-06-15 14:26 - 001214752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2019-06-15 14:26 - 2019-06-15 14:26 - 001113696 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-06-15 14:26 - 2019-06-15 14:26 - 000219744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-06-15 14:26 - 2019-06-15 14:26 - 000152960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2019-06-15 14:14 - 2019-06-15 14:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-06-15 14:13 - 2019-06-15 14:14 - 002623360 _____ (Kaspersky Lab) C:\Users\Surgery\Downloads\startup_14441.exe
2019-06-15 14:02 - 2019-06-15 14:07 - 158361496 _____ (Microsoft Corporation) C:\Users\Surgery\Downloads\msert Microsoft Security Scanner.exe
2019-06-15 13:53 - 2019-06-15 13:54 - 046683168 _____ (Microsoft Corporation) C:\Users\Surgery\Downloads\Windows-KB890830-x64-V5.73 Windows Malicious Software Removal Tool.exe
2019-06-14 13:53 - 2019-06-15 18:09 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-06-14 13:53 - 2019-06-14 13:53 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-06-14 13:53 - 2019-06-14 13:53 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-06-14 13:52 - 2019-06-14 13:52 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-14 11:35 - 2019-06-14 11:56 - 000000000 ____D C:\Program Files\Recuva
2019-06-14 11:35 - 2019-06-14 11:35 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2019-06-14 11:35 - 2019-06-14 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2019-06-14 11:25 - 2019-06-14 11:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-14 11:24 - 2019-06-15 14:44 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-14 10:49 - 2019-06-14 10:52 - 000000000 ____D C:\AdwCleaner
2019-06-14 10:49 - 2019-06-14 10:51 - 000073232 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\NTAgent.exe
2019-06-14 10:47 - 2019-06-14 10:49 - 063765280 _____ (Malwarebytes ) C:\Users\Surgery\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.11017.exe
2019-06-14 10:47 - 2019-06-14 10:48 - 007025360 _____ (Malwarebytes) C:\Users\Surgery\Downloads\adwcleaner_7.3.exe
2019-06-14 09:01 - 2019-06-14 09:01 - 000000000 ____D C:\Users\Surgery\AppData\Local\PeerDistRepub
2019-06-14 06:58 - 2019-06-14 06:58 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-06-14 06:58 - 2019-06-14 06:58 - 000000318 _____ C:\WINDOWS\system32\.crusader
2019-06-14 06:50 - 2019-06-14 17:34 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-06-14 06:50 - 2019-06-14 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-06-14 06:50 - 2019-06-14 06:50 - 000000000 ____D C:\Program Files\HitmanPro
2019-06-14 06:49 - 2019-06-14 06:58 - 000000000 ____D C:\ProgramData\HitmanPro
2019-06-14 06:41 - 2019-06-14 06:41 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-06-13 22:52 - 2019-06-13 22:52 - 000000000 ____D C:\Users\Surgery\AppData\Local\DBG
2019-06-13 22:17 - 2019-06-13 22:17 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\www.shadowexplorer.com
2019-06-13 15:13 - 2019-06-13 15:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-06-13 15:04 - 2019-06-13 15:04 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk
2019-06-13 15:03 - 2019-06-13 15:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Средства Microsoft Office 2016
2019-06-13 14:57 - 2019-06-13 14:58 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-06-13 14:57 - 2019-06-13 14:57 - 000000000 ____D C:\WINDOWS\PCHEALTH
2019-06-13 14:36 - 2019-06-13 15:02 - 000000000 ____D C:\WINDOWS\SHELLNEW
2019-06-13 14:32 - 2019-06-13 14:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-06-13 14:31 - 2019-06-13 14:31 - 000000000 ____D C:\Users\Surgery\AppData\Local\Microsoft Help
2019-06-13 14:30 - 2019-06-13 14:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-06-13 14:29 - 2019-06-13 14:29 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-13 14:04 - 2019-06-13 14:04 - 000000000 ____D C:\Users\Surgery\AppData\Local\D3DSCache
2019-06-13 10:12 - 2019-06-13 10:13 - 005208720 _____ (Krzysztof Kowalczyk) C:\Users\Surgery\Downloads\SumatraPDF-3.1.2-64-install.exe
2019-06-13 09:47 - 2019-06-13 10:15 - 000000000 ____D C:\Users\Surgery\Desktop\Studiegidse
2019-06-13 09:04 - 2019-06-13 09:01 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-06-13 09:03 - 2019-06-13 09:03 - 000000000 ____D C:\Program Files\rempl
2019-06-13 07:20 - 2019-06-15 12:44 - 000000000 ____D C:\Windows.old
2019-06-13 07:20 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-06-13 07:20 - 2019-06-12 21:42 - 000000000 ____D C:\WINDOWS\Panther
2019-06-13 07:19 - 2019-06-13 07:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-06-13 07:17 - 2019-06-13 07:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-06-13 07:16 - 2019-06-13 07:16 - 000000000 ____D C:\WINDOWS\Setup
2019-06-13 07:15 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\containers
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-06-13 07:10 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files\MSBuild
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-06-13 07:10 - 2019-06-13 07:10 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-06-13 07:10 - 2019-06-12 22:03 - 000000000 ____D C:\WINDOWS\OCR
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\0409
2019-06-13 07:09 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-06-13 07:05 - 2019-05-31 03:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-06-13 07:05 - 2019-05-31 03:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-13 07:02 - 2019-06-13 07:20 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-06-13 07:02 - 2019-06-13 06:58 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-06-13 07:02 - 2019-06-13 06:58 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-06-13 07:02 - 2019-06-13 06:58 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-06-13 07:02 - 2019-06-13 06:58 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-06-13 07:02 - 2019-06-13 06:58 - 000027136 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2019-06-13 07:02 - 2019-06-13 06:58 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-06-13 07:02 - 2019-06-13 06:58 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-06-13 07:02 - 2019-06-13 06:58 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-06-13 07:02 - 2019-06-13 06:58 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-06-13 07:02 - 2019-06-13 06:58 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-06-13 07:02 - 2019-06-13 06:58 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-06-13 07:02 - 2019-06-13 06:58 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-06-13 07:01 - 2019-06-15 14:27 - 000000000 ___RD C:\Program Files (x86)
2019-06-13 07:01 - 2019-06-15 14:27 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-13 07:01 - 2019-06-15 14:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-06-13 07:01 - 2019-06-15 12:23 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-13 07:01 - 2019-06-14 18:05 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-13 07:01 - 2019-06-14 18:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-13 07:01 - 2019-06-13 14:40 - 000000167 _____ C:\WINDOWS\win.ini
2019-06-13 07:01 - 2019-06-13 14:30 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-13 07:01 - 2019-06-13 09:04 - 000000000 ____D C:\Program Files\Windows Defender
2019-06-13 07:01 - 2019-06-13 08:58 - 000000000 ____D C:\WINDOWS\appcompat
2019-06-13 07:01 - 2019-06-13 07:20 - 000000000 __RHD C:\Users\Public\Libraries
2019-06-13 07:01 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-06-13 07:01 - 2019-06-13 07:20 - 000000000 ____D C:\WINDOWS\CSC
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\setup
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-06-13 07:01 - 2019-06-13 07:15 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\system32\com
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\IME
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\Help
2019-06-13 07:01 - 2019-06-13 07:09 - 000000000 ____D C:\Program Files\Common Files\system
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ___SD C:\WINDOWS\system32\AppV
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\ias
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-06-13 07:01 - 2019-06-13 07:02 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 __RSD C:\WINDOWS\media
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Web
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\WaaS
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Vss
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\tracing
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\TAPI
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SystemResources
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SystemApps
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\ras
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\IME
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\System
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SKB
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\ServiceState
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\security
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\schemas
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\SchCache
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Resources
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\rescache
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\RemotePackages
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Registration
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\PLA
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Performance
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\InputMethod
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Globalization
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Cursors
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\Branding
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\addins
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Windows Security
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\windows nt
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files\Common Files\Services
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-06-13 07:01 - 2019-06-13 07:01 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-06-13 07:01 - 2019-06-13 06:58 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-06-13 07:01 - 2019-06-13 06:58 - 000000219 _____ C:\WINDOWS\system.ini
2019-06-13 07:01 - 2019-06-12 21:39 - 000000000 ____D C:\WINDOWS\system32\spool
2019-06-13 07:01 - 2019-06-12 21:39 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-06-13 07:01 - 2019-06-12 21:29 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-06-13 07:01 - 2019-06-12 21:29 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-06-13 07:01 - 2019-06-12 21:26 - 000000000 ____D C:\ProgramData\USOPrivate
2019-06-13 06:59 - 2019-06-15 14:32 - 000000000 ____D C:\WINDOWS\INF
2019-06-13 06:50 - 2019-06-13 09:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-13 06:41 - 2019-06-15 14:29 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-06-13 06:41 - 2019-06-14 13:50 - 085458944 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-06-13 06:41 - 2019-06-14 13:50 - 014680064 _____ C:\WINDOWS\system32\config\SYSTEM
2019-06-13 06:41 - 2019-06-14 13:50 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-06-13 06:41 - 2019-06-14 13:50 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-06-13 06:41 - 2019-06-14 13:50 - 000049152 _____ C:\WINDOWS\system32\config\SECURITY
2019-06-13 06:41 - 2019-06-14 13:50 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2019-06-13 06:41 - 2019-06-13 07:21 - 000000000 ___HD C:\$SysReset
2019-06-13 06:41 - 2019-06-13 07:09 - 000000000 ____D C:\WINDOWS\servicing
2019-06-13 06:41 - 2019-06-13 07:01 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-06-12 22:58 - 2019-06-12 22:58 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\vlc
2019-06-12 22:56 - 2019-06-12 22:56 - 000000000 ____D C:\Program Files\VideoLAN
2019-06-12 22:54 - 2019-06-12 22:55 - 041846888 _____ C:\Users\Surgery\Downloads\vlc-3.0.6-win64.exe
2019-06-12 22:44 - 2019-06-12 22:44 - 000000000 ____D C:\Users\Surgery\AppData\Local\Publishers
2019-06-12 22:36 - 2019-06-12 22:36 - 000000000 ____D C:\Program Files\7-Zip
2019-06-12 22:35 - 2019-06-12 22:36 - 001447178 _____ (Igor Pavlov) C:\Users\Surgery\Downloads\7z1900-x64 (1).exe
2019-06-12 22:31 - 2019-06-13 10:03 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-06-12 22:31 - 2019-06-12 22:32 - 001447178 _____ (Igor Pavlov) C:\Users\Surgery\Downloads\7z1900-x64.exe
2019-06-12 22:30 - 2019-06-12 22:30 - 007411912 _____ (VS Revo Group ) C:\Users\Surgery\Downloads\revosetup (1).exe
2019-06-12 22:30 - 2019-06-12 22:30 - 000000000 ____D C:\Program Files\VS Revo Group
2019-06-12 22:27 - 2019-06-12 22:28 - 007411912 _____ (VS Revo Group ) C:\Users\Surgery\Downloads\revosetup.exe
2019-06-12 22:26 - 2019-06-12 22:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-06-12 22:24 - 2019-06-12 22:34 - 000000000 ____D C:\ProgramData\Adobe
2019-06-12 22:20 - 2019-06-12 22:20 - 000000000 ____D C:\ProgramData\Packages
2019-06-12 22:16 - 2019-06-12 22:32 - 000000000 ____D C:\Users\Surgery\AppData\Local\Adobe
2019-06-12 22:04 - 2019-06-13 09:43 - 000000000 ____D C:\Users\Surgery\AppData\Local\Google
2019-06-12 22:04 - 2019-06-12 22:07 - 000000000 ____D C:\Program Files (x86)\Google
2019-06-12 22:04 - 2019-06-12 22:04 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-12 22:04 - 2019-06-12 22:04 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-12 21:56 - 2019-06-12 21:56 - 000000000 ____D C:\Users\Surgery\AppData\Local\mbamtray
2019-06-12 21:56 - 2019-06-12 21:56 - 000000000 ____D C:\Users\Surgery\AppData\Local\mbam
2019-06-12 21:55 - 2019-06-12 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-12 21:55 - 2019-06-12 21:55 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-12 21:55 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-06-12 21:55 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-06-12 21:53 - 2019-06-12 21:53 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-06-12 21:50 - 2019-06-12 22:46 - 000000000 ____D C:\Users\Surgery\AppData\Local\PlaceholderTileLogoFolder
2019-06-12 21:49 - 2019-06-12 21:49 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-107219719-2777607667-2193668656-1001
2019-06-12 21:47 - 2019-06-12 22:00 - 000000000 ____D C:\Users\Surgery\AppData\Local\MicrosoftEdge
2019-06-12 21:47 - 2019-06-12 21:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-06-12 21:45 - 2019-06-13 06:29 - 000000000 ____D C:\Users\Surgery\AppData\Local\Packages
2019-06-12 21:45 - 2019-06-12 22:32 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\Adobe
2019-06-12 21:45 - 2019-06-12 21:45 - 000000000 ____D C:\Users\Surgery\AppData\Local\VirtualStore
2019-06-12 21:44 - 2019-06-13 06:29 - 000000000 ____D C:\Users\Surgery\AppData\Local\ConnectedDevicesPlatform
2019-06-12 21:44 - 2019-06-12 21:44 - 000000020 ___SH C:\Users\Surgery\ntuser.ini
2019-06-12 21:43 - 2019-06-13 13:50 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 21:41 - 2019-06-12 21:41 - 000000000 _SHDL C:\Users\Default User
2019-06-12 21:41 - 2019-06-12 21:41 - 000000000 _SHDL C:\Users\All Users
2019-06-12 21:40 - 2019-06-14 13:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-12 21:40 - 2019-06-13 09:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-06-12 21:40 - 2019-06-12 21:40 - 000011516 _____ C:\Users\Surgery\Desktop\Removed Apps.html
2019-06-12 21:34 - 2019-06-15 14:01 - 000000000 ____D C:\Users\Surgery
2019-06-12 21:34 - 2019-06-12 21:49 - 000002369 _____ C:\Users\Surgery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-12 21:27 - 2019-06-12 21:27 - 000000000 ____D C:\ProgramData\USOShared
2019-06-12 21:27 - 2019-06-12 21:27 - 000000000 ____D C:\Program Files\IDT
2019-06-12 21:27 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-06-12 21:27 - 2010-01-26 18:30 - 000162816 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAC64.dll
2019-06-12 21:27 - 2009-10-09 16:45 - 000442368 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTEC64.dll
2019-06-12 21:27 - 2009-03-02 17:58 - 000068608 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAR64.dll
2019-06-12 21:26 - 2019-06-12 21:26 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2019-06-12 21:26 - 2010-03-09 15:56 - 012772352 _____ (IDT, Inc.) C:\WINDOWS\system32\idtcpl64.cpl
2019-06-12 21:26 - 2010-03-09 15:56 - 003348480 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2019-06-12 21:26 - 2009-03-02 17:47 - 000090624 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTCo64.dll
2019-06-12 21:24 - 2019-06-14 11:05 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2019-06-12 21:23 - 2019-06-15 18:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-12 21:22 - 2019-06-14 11:06 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2019-06-12 21:22 - 2019-06-14 11:04 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2019-06-12 21:22 - 2019-06-13 15:58 - 000403008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 19:03 - 2019-06-12 21:55 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-12 19:03 - 2019-06-12 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-12 16:42 - 2019-06-12 16:42 - 000001146 _____ C:\Users\Surgery\_readme.txt
2019-06-12 16:42 - 2019-06-12 16:42 - 000001146 _____ C:\_readme.txt
2019-06-12 16:41 - 2019-06-12 16:41 - 000000000 ____D C:\SystemID
2019-06-12 12:47 - 2019-06-07 13:04 - 021388752 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 12:47 - 2019-06-07 12:45 - 012756480 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 12:47 - 2019-06-07 12:42 - 003613696 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 12:47 - 2019-06-07 12:19 - 020383832 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 12:47 - 2019-06-07 12:07 - 011942400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 12:47 - 2019-06-07 12:04 - 002881536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 12:47 - 2019-06-07 08:01 - 001035040 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 12:47 - 2019-06-07 07:57 - 007519896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 12:47 - 2019-06-07 07:57 - 007436536 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 12:47 - 2019-06-07 07:57 - 002811192 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 12:47 - 2019-06-07 07:56 - 009084216 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 12:47 - 2019-06-07 07:46 - 006569344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 12:47 - 2019-06-07 07:46 - 006043496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 12:47 - 2019-06-07 07:38 - 025857536 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 12:47 - 2019-06-07 07:37 - 022019584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 12:47 - 2019-06-07 07:31 - 019372544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 12:47 - 2019-06-07 07:27 - 022718976 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 12:47 - 2019-06-07 07:24 - 005784064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 12:47 - 2019-06-07 07:24 - 003400704 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 12:47 - 2019-06-07 07:21 - 007588864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 12:47 - 2019-06-07 07:21 - 004866048 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 12:47 - 2019-06-07 07:21 - 001778688 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 12:47 - 2019-05-17 14:27 - 006586880 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 12:47 - 2019-05-17 14:26 - 004393984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 12:47 - 2019-05-17 14:25 - 004718080 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 12:47 - 2019-05-17 14:00 - 005658112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 12:47 - 2019-05-17 08:42 - 005625160 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 12:47 - 2019-05-17 08:42 - 004789944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 12:47 - 2019-05-17 08:30 - 013878784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 12:47 - 2019-05-17 08:19 - 004515840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 12:47 - 2019-05-17 08:07 - 004404720 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 12:47 - 2019-05-17 08:07 - 002768960 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 12:47 - 2019-05-17 08:04 - 001826816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 12:47 - 2019-05-17 07:44 - 016597504 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 12:47 - 2019-05-17 07:38 - 004709376 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 12:47 - 2019-05-17 07:37 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 12:47 - 2019-05-17 07:33 - 003091456 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 12:47 - 2019-05-17 07:31 - 004937216 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 12:47 - 2019-05-17 07:31 - 003376640 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 12:46 - 2019-06-07 13:04 - 001633136 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 12:46 - 2019-06-07 12:47 - 000059904 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 12:46 - 2019-06-07 12:41 - 004055552 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 12:46 - 2019-06-07 12:40 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 12:46 - 2019-06-07 12:40 - 001364992 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 12:46 - 2019-06-07 12:23 - 001453920 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 12:46 - 2019-06-07 12:10 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 12:46 - 2019-06-07 12:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 12:46 - 2019-06-07 12:04 - 001471488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 12:46 - 2019-06-07 08:07 - 000707384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 12:46 - 2019-06-07 07:58 - 001220112 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 12:46 - 2019-06-07 07:58 - 001027384 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 12:46 - 2019-06-07 07:58 - 000568320 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 12:46 - 2019-06-07 07:58 - 000422416 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 12:46 - 2019-06-07 07:58 - 000135176 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 12:46 - 2019-06-07 07:58 - 000076304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 002719032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 001934808 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 001209696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 000792888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000709728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000594024 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 12:46 - 2019-06-07 07:57 - 000435000 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 000413720 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 12:46 - 2019-06-07 07:57 - 000412984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000383504 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000170296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 12:46 - 2019-06-07 07:57 - 000148280 ____N (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 12:46 - 2019-06-07 07:56 - 000713272 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 12:46 - 2019-06-07 07:47 - 000380432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 001805656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 001011872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 000581048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 12:46 - 2019-06-07 07:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 12:46 - 2019-06-07 07:23 - 000608768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 12:46 - 2019-06-07 07:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 12:46 - 2019-06-07 07:22 - 005307392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 12:46 - 2019-06-07 07:22 - 003710976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 12:46 - 2019-06-07 07:21 - 000808448 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 12:46 - 2019-06-07 07:21 - 000473600 ____N (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 12:46 - 2019-06-07 07:20 - 002610688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 12:46 - 2019-06-07 07:20 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 003212288 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 002175488 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 001560576 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 001549824 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 12:46 - 2019-06-07 07:19 - 000778240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 12:46 - 2019-06-07 07:18 - 002166784 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 12:46 - 2019-06-07 07:18 - 000686592 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 12:46 - 2019-06-07 07:18 - 000531968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 12:46 - 2019-06-07 07:17 - 001920000 ____N (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 12:46 - 2019-06-07 07:17 - 000961024 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 12:46 - 2019-06-07 07:17 - 000889344 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 12:46 - 2019-06-07 07:16 - 000900096 ____N (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 12:46 - 2019-06-07 07:16 - 000544768 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 12:46 - 2019-06-07 07:16 - 000478720 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 12:46 - 2019-05-19 00:12 - 000353280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 12:46 - 2019-05-19 00:12 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 12:46 - 2019-05-17 14:44 - 000348160 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 12:46 - 2019-05-17 14:40 - 002394960 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 12:46 - 2019-05-17 14:40 - 000280888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 12:46 - 2019-05-17 14:25 - 004491264 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 12:46 - 2019-05-17 14:23 - 000182272 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2019-06-12 12:46 - 2019-05-17 14:22 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 12:46 - 2019-05-17 14:22 - 000182784 ____N (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 12:46 - 2019-05-17 14:21 - 001180672 ____N (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 12:46 - 2019-05-17 14:21 - 000878592 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 12:46 - 2019-05-17 14:21 - 000274944 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 002084864 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 12:46 - 2019-05-17 14:20 - 001970688 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 000725504 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 000424448 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2019-06-12 12:46 - 2019-05-17 14:20 - 000224256 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2019-06-12 12:46 - 2019-05-17 14:19 - 000757248 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 12:46 - 2019-05-17 14:07 - 002206424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 12:46 - 2019-05-17 13:58 - 003397632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 12:46 - 2019-05-17 13:55 - 000704000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 12:46 - 2019-05-17 13:55 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 12:46 - 2019-05-17 13:55 - 000352256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2019-06-12 12:46 - 2019-05-17 09:07 - 000105272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 12:46 - 2019-05-17 08:44 - 000829960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 12:46 - 2019-05-17 08:44 - 000550520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 12:46 - 2019-05-17 08:43 - 000297688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001989552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001980256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001620264 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001380096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 001130568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 12:46 - 2019-05-17 08:42 - 000129088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 12:46 - 2019-05-17 08:26 - 002969600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 12:46 - 2019-05-17 08:21 - 000333824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 12:46 - 2019-05-17 08:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 12:46 - 2019-05-17 08:19 - 001110528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 12:46 - 2019-05-17 08:19 - 000835584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 12:46 - 2019-05-17 08:18 - 002796032 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 12:46 - 2019-05-17 08:18 - 001006592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 12:46 - 2019-05-17 08:08 - 001063224 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 12:46 - 2019-05-17 08:08 - 000723432 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 12:46 - 2019-05-17 08:08 - 000491200 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 12:46 - 2019-05-17 08:08 - 000401328 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 002571640 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 002467320 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 001459120 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 12:46 - 2019-05-17 08:07 - 001288712 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 001260272 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 12:46 - 2019-05-17 08:07 - 000930616 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 12:46 - 2019-05-17 08:07 - 000275768 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 12:46 - 2019-05-17 08:07 - 000260800 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001943136 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001784696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001307648 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 001140992 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 12:46 - 2019-05-17 08:06 - 001098056 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 12:46 - 2019-05-17 08:06 - 000983424 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 12:46 - 2019-05-17 08:06 - 000151888 ____N (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 12:46 - 2019-05-17 08:00 - 001295360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 12:46 - 2019-05-17 07:36 - 000096768 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 12:46 - 2019-05-17 07:35 - 000433152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 12:46 - 2019-05-17 07:35 - 000362496 ____N (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 12:46 - 2019-05-17 07:35 - 000322560 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 12:46 - 2019-05-17 07:34 - 001804288 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 12:46 - 2019-05-17 07:34 - 000916480 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 12:46 - 2019-05-17 07:34 - 000671744 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 12:46 - 2019-05-17 07:34 - 000141312 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 002912256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 002370560 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 001487360 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 001214464 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 12:46 - 2019-05-17 07:33 - 000787968 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 12:46 - 2019-05-17 07:32 - 001070080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 12:46 - 2019-05-17 07:32 - 000815104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 003293184 ____N (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001854976 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001805312 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001383424 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001215488 ____N (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001211904 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 001027584 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 000620032 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 12:46 - 2019-05-17 07:31 - 000466432 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 12:46 - 2019-05-17 07:30 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 12:46 - 2019-05-17 07:30 - 000507392 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 12:46 - 2019-05-17 07:30 - 000276992 ____N (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 12:45 - 2019-06-07 12:48 - 000064000 ____N (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 12:45 - 2019-06-07 07:57 - 000494304 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 12:45 - 2019-06-07 07:57 - 000137448 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 12:45 - 2019-06-07 07:47 - 000097272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 12:45 - 2019-06-07 07:46 - 000357072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 12:45 - 2019-06-07 07:24 - 001361408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 12:45 - 2019-06-07 07:23 - 000209408 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 12:45 - 2019-06-07 07:22 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 12:45 - 2019-06-07 07:22 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 12:45 - 2019-06-07 07:22 - 000216064 ____N (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 12:45 - 2019-06-07 07:21 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 12:45 - 2019-06-07 07:20 - 001708544 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 12:45 - 2019-06-07 07:20 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 12:45 - 2019-06-07 07:19 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 12:45 - 2019-06-07 06:00 - 000001308 ____N C:\WINDOWS\system32\tcbres.wim
2019-06-12 12:45 - 2019-05-19 00:12 - 001311744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 12:45 - 2019-05-19 00:12 - 000241152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 12:45 - 2019-05-17 14:25 - 000039424 ____N (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 12:45 - 2019-05-17 14:24 - 000122368 ____N (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 12:45 - 2019-05-17 14:23 - 000223744 ____N (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2019-06-12 12:45 - 2019-05-17 14:23 - 000110080 ____N (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 12:45 - 2019-05-17 14:21 - 001121792 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 12:45 - 2019-05-17 14:21 - 000221184 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 12:45 - 2019-05-17 13:58 - 000184320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2019-06-12 12:45 - 2019-05-17 13:56 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 12:45 - 2019-05-17 13:56 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 12:45 - 2019-05-17 13:55 - 000470528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 12:45 - 2019-05-17 13:54 - 002016768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 12:45 - 2019-05-17 13:54 - 000908288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 12:45 - 2019-05-17 11:33 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 12:45 - 2019-05-17 10:52 - 000868864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 12:45 - 2019-05-17 08:42 - 000125504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 12:45 - 2019-05-17 08:23 - 000074240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 12:45 - 2019-05-17 08:23 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 12:45 - 2019-05-17 08:23 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 12:45 - 2019-05-17 08:22 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 12:45 - 2019-05-17 08:22 - 000031232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 12:45 - 2019-05-17 08:21 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 12:45 - 2019-05-17 08:21 - 000224768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 12:45 - 2019-05-17 08:20 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 12:45 - 2019-05-17 08:20 - 000118272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 12:45 - 2019-05-17 08:19 - 001073664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 12:45 - 2019-05-17 08:19 - 000873472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 12:45 - 2019-05-17 08:18 - 000251904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 12:45 - 2019-05-17 07:37 - 000185344 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 12:45 - 2019-05-17 07:37 - 000108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000228864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 12:45 - 2019-05-17 07:36 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000067584 ____N (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 12:45 - 2019-05-17 07:36 - 000034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 12:45 - 2019-05-17 07:36 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 12:45 - 2019-05-17 07:34 - 000275456 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 12:45 - 2019-05-17 07:34 - 000270336 ____N (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 12:45 - 2019-05-17 07:34 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 12:45 - 2019-05-17 07:34 - 000047616 ____N (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 12:45 - 2019-05-17 07:33 - 000270336 ____N (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-09 22:03 - 2019-06-12 16:42 - 000000238 _____ C:\Users\Surgery\Documents\debug.log.gerosan
2019-06-06 17:47 - 2019-06-12 16:42 - 000022074 _____ C:\Users\Surgery\Desktop\LO OPSOMMINGS.docx.gerosan
2019-06-06 10:54 - 2019-06-13 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-04 18:03 - 2019-06-04 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-06-03 11:47 - 2019-06-12 16:42 - 003480552 _____ C:\Users\Surgery\Desktop\Geografie-Gr11-Studiegids.pdf.gerosan
2019-05-31 14:37 - 2019-06-12 16:42 - 000000000 ____D C:\Users\Surgery\Desktop\High.School.Musical.3-Senior.Year[2008]DvDrip-aXXo
2019-05-28 21:59 - 2019-06-12 16:42 - 000000000 ___RD C:\Users\Surgery\Documents\Scanned Documents
2019-05-28 21:59 - 2019-05-28 21:59 - 000000000 ____D C:\Users\Surgery\Documents\Fax
2019-05-27 17:59 - 2019-06-12 16:42 - 000000000 ____D C:\Users\Surgery\Desktop\RTTgr10T4MostertWian
2019-05-26 16:47 - 2019-06-12 16:42 - 000014731 _____ C:\Users\Surgery\Desktop\RTT Opsomming.xlsx.gerosan
2019-05-26 12:51 - 2019-06-12 16:42 - 000039889 _____ C:\Users\Surgery\Documents\OM PERSONAL MONTHLY BUDGET.xlsx.gerosan
2019-05-18 14:07 - 2019-06-13 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Free
2019-05-18 14:07 - 2019-05-18 14:07 - 000001130 _____ C:\Users\Public\Desktop\PDF Shaper Free.lnk
2019-05-16 22:12 - 2019-02-13 07:47 - 001909560 ____N (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-16 18:26 - 2019-05-16 18:26 - 000081744 _____ C:\Users\Surgery\Desktop\Classic.pdf
2019-05-16 17:12 - 2019-05-03 08:01 - 008189440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-16 17:12 - 2019-05-03 08:00 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-16 17:12 - 2019-04-19 06:35 - 001458688 ____N (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-16 17:12 - 2019-04-19 06:35 - 001175552 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-16 17:11 - 2019-05-03 14:14 - 000790208 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-16 17:11 - 2019-05-03 14:14 - 000304144 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-16 17:11 - 2019-05-03 14:13 - 001376472 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-16 17:11 - 2019-05-03 14:13 - 000396088 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-16 17:11 - 2019-05-03 13:55 - 000123392 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-16 17:11 - 2019-05-03 13:54 - 000177664 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-16 17:11 - 2019-05-03 13:52 - 000119808 ____N (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-16 17:11 - 2019-05-03 13:49 - 001288704 ____N (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-16 17:11 - 2019-05-03 13:49 - 000488448 ____N (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-16 17:11 - 2019-05-03 13:49 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-16 17:11 - 2019-05-03 13:43 - 001027008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-16 17:11 - 2019-05-03 13:43 - 000662328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-16 17:11 - 2019-05-03 13:30 - 000138752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-16 17:11 - 2019-05-03 13:30 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-16 17:11 - 2019-05-03 13:28 - 000089600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-16 17:11 - 2019-05-03 13:27 - 000176640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-16 17:11 - 2019-05-03 13:26 - 000425472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-16 17:11 - 2019-05-03 08:43 - 000177128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-16 17:11 - 2019-05-03 08:34 - 000159864 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-16 17:11 - 2019-05-03 08:33 - 000063072 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-16 17:11 - 2019-05-03 08:32 - 000776784 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-16 17:11 - 2019-05-03 08:32 - 000493880 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-16 17:11 - 2019-05-03 08:32 - 000438984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-16 17:11 - 2019-05-03 08:32 - 000209208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-16 17:11 - 2019-05-03 08:32 - 000164664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-16 17:11 - 2019-05-03 08:31 - 000545808 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-16 17:11 - 2019-05-03 08:31 - 000115728 ____N (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-16 17:11 - 2019-05-03 08:20 - 000434704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-16 17:11 - 2019-05-03 08:20 - 000384976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-16 17:11 - 2019-05-03 08:20 - 000192016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-16 17:11 - 2019-05-03 08:20 - 000146920 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-16 17:11 - 2019-05-03 08:19 - 000665224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-16 17:11 - 2019-05-03 08:19 - 000056288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-16 17:11 - 2019-05-03 08:00 - 000120832 ____N (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 17:11 - 2019-05-03 08:00 - 000099328 ____N (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-16 17:11 - 2019-05-03 07:59 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-16 17:11 - 2019-05-03 07:59 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-16 17:11 - 2019-05-03 07:58 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-16 17:11 - 2019-05-03 07:56 - 000773632 ____N (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-16 17:11 - 2019-05-03 07:55 - 000659968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000845824 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000778752 ____N (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-16 17:11 - 2019-05-03 07:54 - 000776192 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000669184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-16 17:11 - 2019-05-03 07:54 - 000667136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-16 17:11 - 2019-05-03 07:53 - 000204800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-16 17:11 - 2019-05-03 07:53 - 000186880 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-16 17:11 - 2019-05-03 07:53 - 000184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-16 17:11 - 2019-05-03 07:53 - 000181760 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-16 17:11 - 2019-04-19 12:54 - 000720200 ____N (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-16 17:11 - 2019-04-19 12:38 - 000058368 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-16 17:11 - 2019-04-19 12:38 - 000040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-16 17:11 - 2019-04-19 12:36 - 000346112 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-16 17:11 - 2019-04-19 12:34 - 000522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-16 17:11 - 2019-04-19 11:37 - 000607960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-16 17:11 - 2019-04-19 11:30 - 000036864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-16 17:11 - 2019-04-19 11:26 - 002405888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-16 17:11 - 2019-04-19 11:25 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-16 17:11 - 2019-04-19 07:07 - 000985400 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-16 17:11 - 2019-04-19 07:06 - 000798520 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-16 17:11 - 2019-04-19 07:02 - 000831800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-16 17:11 - 2019-04-19 07:01 - 000576016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-16 17:11 - 2019-04-19 06:43 - 000150016 ____N (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-16 17:11 - 2019-04-19 06:41 - 000140288 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-16 17:11 - 2019-04-19 06:41 - 000095232 ____N (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-16 17:11 - 2019-04-19 06:40 - 000342528 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-16 17:11 - 2019-04-19 06:40 - 000243712 ____N (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-16 17:11 - 2019-04-19 06:40 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-16 17:11 - 2019-04-19 06:40 - 000167936 ____N (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-16 17:11 - 2019-04-19 06:40 - 000081408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000567296 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000425472 ____N (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-16 17:11 - 2019-04-19 06:39 - 000361472 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-16 17:11 - 2019-04-19 06:39 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000593408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000391680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000304128 ____N (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-16 17:11 - 2019-04-19 06:38 - 000300544 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000953856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000445952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000397312 ____N (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000381952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-16 17:11 - 2019-04-19 06:37 - 000221184 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 001300992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000827392 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000546816 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000357888 ____N (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-16 17:11 - 2019-04-19 06:36 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 001938944 ____N (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 001156608 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000784896 ____N (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000535040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000523776 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-16 17:11 - 2019-04-19 06:35 - 000312320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-16 17:11 - 2019-04-19 06:34 - 000935936 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-16 17:11 - 2019-04-19 06:34 - 000885760 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-16 17:11 - 2019-04-19 06:34 - 000653312 ____N (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-16 17:11 - 2019-04-19 05:18 - 000806360 ____N C:\WINDOWS\SysWOW64\locale.nls
2019-05-16 17:11 - 2019-04-19 05:18 - 000806360 ____N C:\WINDOWS\system32\locale.nls
2019-05-16 17:11 - 2019-04-09 03:48 - 000376320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-14 13:30 - 2019-01-12 14:25 - 000001260 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002741 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002660 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002660 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2019-06-13 15:04 - 2018-07-14 08:29 - 000002640 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2019-06-13 10:02 - 2018-07-13 18:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-13 10:02 - 2018-07-13 18:57 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2019-06-13 07:20 - 2019-01-13 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2019-06-13 07:20 - 2019-01-13 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2019-06-13 07:20 - 2019-01-12 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-06-13 07:20 - 2018-07-14 08:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2019-06-13 07:20 - 2018-07-13 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-13 07:20 - 2018-07-13 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-06-12 22:57 - 2018-07-13 18:56 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-06-12 22:30 - 2019-01-12 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-06-12 22:07 - 2018-07-13 18:58 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-12 22:07 - 2018-07-13 18:58 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-12 21:50 - 2018-07-13 18:50 - 000000000 ___RD C:\Users\Surgery\OneDrive
2019-06-12 21:46 - 2019-01-19 19:21 - 000001417 _____ C:\Users\Surgery\Desktop\Microsoft Edge.lnk
2019-06-12 21:45 - 2019-01-19 19:18 - 000000000 ___RD C:\Users\Surgery\3D Objects
2019-06-12 21:45 - 2018-07-13 18:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 21:39 - 2019-01-28 21:24 - 000000000 ____D C:\Users\Surgery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2019-06-12 16:42 - 2019-05-14 19:00 - 000000000 ____D C:\Users\Surgery\Documents\PPL
2019-06-12 16:42 - 2019-05-13 17:29 - 000111425 _____ C:\Users\Surgery\Desktop\TOERISME VOORBLAD TAAK.docx.gerosan
2019-06-12 16:42 - 2019-05-12 14:24 - 029701843 _____ C:\Users\Surgery\Desktop\Geografie-G10-studyguide.pdf.gerosan
2019-06-12 16:42 - 2019-05-12 14:01 - 036976146 _____ C:\Users\Surgery\Desktop\osoon.pdf.gerosan
2019-06-12 16:42 - 2019-05-08 16:17 - 000019402 ____T C:\Users\Surgery\Documents\Hulp met lit opstel (2) (002).docx.gerosan
2019-06-12 16:42 - 2019-05-01 16:32 - 000010932 _____ C:\Users\Surgery\Documents\Book1.xlsx.gerosan
2019-06-12 16:42 - 2019-04-03 23:01 - 000106867 _____ C:\Users\Surgery\Desktop\system scan log file.docx.gerosan
2019-06-12 16:42 - 2019-03-11 15:54 - 000013957 _____ C:\Users\Surgery\Documents\Geografie toet1.docx.gerosan
2019-06-12 16:42 - 2019-03-11 15:10 - 000017609 _____ C:\Users\Surgery\Documents\Geografie toets.docx.gerosan
2019-06-12 16:42 - 2019-03-06 15:07 - 000015971 _____ C:\Users\Surgery\Documents\Maart Engels toets.docx.gerosan
2019-06-12 16:42 - 2019-02-25 07:49 - 000270955 _____ C:\Users\Surgery\Desktop\kaartwerk maart gr 10.pdf.gerosan
2019-06-12 16:42 - 2019-02-25 07:28 - 000311852 _____ C:\Users\Surgery\Desktop\Geografie Gr10 Afbakening kwartaal1 2019.pdf.gerosan
2019-06-12 16:42 - 2019-02-11 21:52 - 000022581 _____ C:\Users\Surgery\Desktop\Toerisme opsommings Les 2.docx.gerosan
2019-06-12 16:42 - 2019-01-28 12:19 - 000013049 _____ C:\Users\Surgery\Documents\Gloria se maklike quiz.docx.gerosan
2019-06-12 16:42 - 2019-01-22 21:52 - 000000000 ____D C:\Users\Surgery\Documents\RTT
2019-06-12 16:42 - 2019-01-20 12:30 - 000354962 _____ C:\Users\Surgery\Desktop\Viva-Afr-Gr-7-Werkkaarte-CD.pdf.gerosan
2019-06-12 16:42 - 2019-01-20 12:25 - 002477323 _____ C:\Users\Surgery\Desktop\afrikaans-huistaal-graad-10-eksamenhersieningsboek.pdf.gerosan
2019-06-12 16:42 - 2019-01-19 12:03 - 000000000 ____D C:\Users\Surgery\Downloads\KP Typing Tutor.zip_files
2019-06-12 16:42 - 2019-01-19 11:49 - 000015631 _____ C:\Users\Surgery\Desktop\Toepassingprogrammatuur_Test.docx.gerosan
2019-06-12 16:42 - 2019-01-19 10:18 - 000000000 ___RD C:\Users\Surgery\Dropbox
2019-06-12 16:42 - 2019-01-16 17:58 - 000909145 _____ C:\Users\Surgery\Desktop\Google Classroom.pdf.gerosan
2019-06-12 16:42 - 2019-01-15 16:19 - 000881617 _____ C:\Users\Surgery\Desktop\woordsoorte1.pptx.gerosan
2019-06-12 16:42 - 2019-01-15 10:45 - 000016844 _____ C:\Users\Surgery\Documents\WOORDSOORTE1.docx.gerosan
2019-06-12 16:42 - 2019-01-14 09:23 - 000013549 _____ C:\Users\Surgery\Documents\HOEKOM HOU EK NIE VAN HOMESCHOOLING BY DIE HUIS NIE.docx.gerosan
2019-06-12 16:42 - 2019-01-13 21:53 - 000074608 _____ C:\Users\Surgery\Documents\saa.docx.gerosan
2019-06-12 16:42 - 2019-01-13 18:32 - 000011577 _____ C:\Users\Surgery\Documents\Hello its is going to rain very hard In Randfontein South Africa.docx.gerosan
2019-06-12 16:42 - 2019-01-13 15:23 - 000000000 ____D C:\Brother
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
Ran by Jana_Mostert (15-06-2019 18:24:17)
Running from C:\Users\Surgery\Desktop
Windows 10 Pro Version 1803 17134.829 (X64) (2019-06-12 19:42:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-107219719-2777607667-2193668656-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-107219719-2777607667-2193668656-503 - Limited - Disabled)
Guest (S-1-5-21-107219719-2777607667-2193668656-501 - Limited - Disabled)
Jana_Mostert (S-1-5-21-107219719-2777607667-2193668656-1001 - Administrator - Enabled) => C:\Users\Surgery
WDAGUtilityAccount (S-1-5-21-107219719-2777607667-2193668656-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.80 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.14.304 - SurfRight B.V.)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-107219719-2777607667-2193668656-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM-x32\...\{90160000-001F-0422-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.14.17.0_x86__kgqvnymyfvs32 [2019-06-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-14] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-06-12] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.5.4.0_x64__jb41c8remg0x2 [2019-06-14] (Polarr)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-0000-0000000FF1CE}\lyncicon.exe () <==== Cyrillic
==================== Loaded Modules (Whitelisted) ==============
2019-06-12 22:36 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-06-13 07:02 - 2019-06-13 06:58 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-107219719-2777607667-2193668656-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F1B3979C-61DC-43A2-94BB-43FFA8AEF237}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{22F4D57F-16D0-4717-A3AF-F2CF98469BF0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8DB960B9-FCBD-4264-8A9C-D02431220A15}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{103228BC-8EF1-46B7-9F5E-C6AB4A0978E6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E75A19-7FCC-4396-88D6-9A290BB64603}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
13-06-2019 09:02:08 Windows Update
==================== Faulty Device Manager Devices =============
Name: Broadcom USH w/swipe sensor
Description: Broadcom USH w/swipe sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2019 06:06:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (06/15/2019 04:09:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry
Error: (06/15/2019 04:05:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (06/15/2019 03:14:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (06/15/2019 03:13:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (06/15/2019 02:51:33 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Kaspersky Free - Update 'KIS 2019 MP0 family (Patch e)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSIce703.LOG.
Error: (06/15/2019 02:16:50 PM) (Source: MsiInstaller) (EventID: 1013) (User: DESKTOP-J7HTNHM)
Description: Product: SuspendedBypass -- <<29017>>
Error: (06/15/2019 01:21:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
System errors:
=============
Error: (06/15/2019 06:18:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-J7HTNHM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-J7HTNHM\Jana_Mostert SID (S-1-5-21-107219719-2777607667-2193668656-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (06/15/2019 06:16:46 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-J7HTNHM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-J7HTNHM\Jana_Mostert SID (S-1-5-21-107219719-2777607667-2193668656-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (06/15/2019 06:09:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (06/15/2019 06:08:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (06/15/2019 06:08:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (06/15/2019 06:07:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (06/15/2019 06:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (06/15/2019 06:03:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-06-14 11:33:26.398
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC2A931B-EE67-42C5-917E-FEEE14936F55}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-06-13 09:19:22.183
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: containerfile:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe; file:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe->(VFS:AutoPico.$$A)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
Date: 2019-06-13 09:18:57.601
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: containerfile:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe; file:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe->(VFS:AutoPico.$$A)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
Date: 2019-06-13 09:18:50.659
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: file:_E:\Office Collection {2003,2007,2010,2013,2016} - [CrackzSoft]\Office\KMSpico Active.exe->(VFS:AutoPico.$$A)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
Date: 2019-06-13 07:26:07.090
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanDownloader:Win32/Socelar
ID: 2147734469
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Windows.old\Users\Surgery\AppData\Local\Temp\853078\ic-0.89f1aa3117e1e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.295.571.0, AS: 1.295.571.0, NIS: 1.295.571.0
Engine Version: AM: 1.1.16000.6, NIS: 1.1.16000.6
Date: 2019-06-14 14:02:32.322
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.686.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-06-14 11:15:52.712
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.686.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-06-14 07:10:47.812
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.619.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-06-13 16:08:37.277
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.619.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-06-13 13:56:59.615
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.619.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
==================== Memory info ===========================
BIOS: Dell Inc. A11 12/17/2008
Motherboard: Dell Inc. 0RX493
Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 68%
Total physical RAM: 4047.9 MB
Available physical RAM: 1256.66 MB
Total Virtual: 5455.9 MB
Available Virtual: 2227.36 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.15 GB) (Free:249.38 GB) NTFS
\\?\Volume{ff9d08ff-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{ff9d08ff-0000-0000-0000-a0684a000000}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FF9D08FF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=464 MB) - (Type=27)
==================== End of Addition.txt ============================